Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-42794 (GCVE-0-2023-42794)
Vulnerability from cvelistv5 – Published: 2023-10-10 17:17 – Updated: 2025-10-29 12:04
VLAI
EPSS
Title
Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
Summary
Incomplete Cleanup vulnerability in Apache Tomcat.
The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased,
in progress refactoring that exposed a potential denial of service on
Windows if a web application opened a stream for an uploaded file but
failed to close the stream. The file would never be deleted from disk
creating the possibility of an eventual denial of service due to the
disk being full.
Other, EOL versions may also be affected.
Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Severity
No CVSS data available.
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/vvbr2ms7lockj1hlh… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2023/10/10/8 | x_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
9.0.70 , ≤ 9.0.80
(semver)
Affected: 8.5.85 , ≤ 8.5.93 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
Mohammad Khedmatgozar (cellbox)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "9.0.80",
"status": "affected",
"version": "9.0.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.93",
"status": "affected",
"version": "8.5.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammad Khedmatgozar (cellbox)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incomplete Cleanup vulnerability in Apache Tomcat.\u003cbr\u003e\u003cbr\u003eThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eOther, EOL versions may also be affected.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nOther, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T12:04:10.367Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-42794",
"datePublished": "2023-10-10T17:17:01.378Z",
"dateReserved": "2023-09-14T12:05:53.583Z",
"dateUpdated": "2025-10-29T12:04:10.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-42794",
"date": "2026-06-22",
"epss": "0.01854",
"percentile": "0.76392"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.85\", \"versionEndExcluding\": \"8.5.94\", \"matchCriteriaId\": \"7EFFF75C-6B29-4D93-A8EC-BC8360D0048E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.70\", \"versionEndExcluding\": \"9.0.81\", \"matchCriteriaId\": \"F819B992-BA2C-4A30-A8A1-C57806AB1C31\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Incomplete Cleanup vulnerability in Apache Tomcat.\\n\\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \\nin progress refactoring that exposed a potential denial of service on \\nWindows if a web application opened a stream for an uploaded file but \\nfailed to close the stream. The file would never be deleted from disk \\ncreating the possibility of an eventual denial of service due to the \\ndisk being full.\\n\\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\\u00eda una refactorizaci\\u00f3n en curso que expuso una posible denegaci\\u00f3n de servicio en Windows si una aplicaci\\u00f3n web abr\\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\\u00eda del disco, creando la posibilidad de una eventual denegaci\\u00f3n de servicio debido a que el disco est\\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema.\"}]",
"id": "CVE-2023-42794",
"lastModified": "2024-11-21T08:23:10.077",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
"published": "2023-10-10T18:15:18.863",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/8\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-459\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-42794\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-10T18:15:18.863\",\"lastModified\":\"2025-10-29T12:15:33.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incomplete Cleanup vulnerability in Apache Tomcat.\\n\\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \\nin progress refactoring that exposed a potential denial of service on \\nWindows if a web application opened a stream for an uploaded file but \\nfailed to close the stream. The file would never be deleted from disk \\ncreating the possibility of an eventual denial of service due to the \\ndisk being full.\\n\\nOther, EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\u00eda una refactorizaci\u00f3n en curso que expuso una posible denegaci\u00f3n de servicio en Windows si una aplicaci\u00f3n web abr\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\u00eda del disco, creando la posibilidad de una eventual denegaci\u00f3n de servicio debido a que el disco est\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.85\",\"versionEndExcluding\":\"8.5.94\",\"matchCriteriaId\":\"7EFFF75C-6B29-4D93-A8EC-BC8360D0048E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.70\",\"versionEndExcluding\":\"9.0.81\",\"matchCriteriaId\":\"F819B992-BA2C-4A30-A8A1-C57806AB1C31\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}"
}
}
RHSA-2024:0125
Vulnerability from csaf_redhat - Published: 2024-01-10 11:32 - Updated: 2026-05-29 17:49Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0125",
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0125.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-29T17:49:39+00:00",
"generator": {
"date": "2026-05-29T17:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:0125",
"initial_release_date": "2024-01-10T11:32:48+00:00",
"revision_history": [
{
"date": "2024-01-10T11:32:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-10T11:32:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T17:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024:0474
Vulnerability from csaf_redhat - Published: 2024-01-25 10:59 - Updated: 2026-05-29 17:49Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0474",
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0474.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-29T17:49:39+00:00",
"generator": {
"date": "2026-05-29T17:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:0474",
"initial_release_date": "2024-01-25T10:59:50+00:00",
"revision_history": [
{
"date": "2024-01-25T10:59:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-25T10:59:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T17:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024_0125
Vulnerability from csaf_redhat - Published: 2024-01-10 11:32 - Updated: 2024-12-10 16:41Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0125",
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0125.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-12-10T16:41:52+00:00",
"generator": {
"date": "2024-12-10T16:41:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0125",
"initial_release_date": "2024-01-10T11:32:48+00:00",
"revision_history": [
{
"date": "2024-01-10T11:32:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-10T11:32:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:41:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9.2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.2.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.2.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:32:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-1:9.0.62-27.el8_9.2.src",
"AppStream-8.9.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-lib-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.2.noarch",
"AppStream-8.9.0.Z.MAIN:tomcat-webapps-1:9.0.62-27.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
RHSA-2024_0474
Vulnerability from csaf_redhat - Published: 2024-01-25 10:59 - Updated: 2024-12-10 16:41Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
5.9 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)\n\n* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)\n\n* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0474",
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0474.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-12-10T16:41:56+00:00",
"generator": {
"date": "2024-12-10T16:41:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:0474",
"initial_release_date": "2024-01-25T10:59:50+00:00",
"revision_history": [
{
"date": "2024-01-25T10:59:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-25T10:59:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:41:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.1.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw as a Moderate impact as this would depend on how much information an attacker has over the environment (version and disk for example, increasing the Attack Complexity) as there is no guarantee the attack is successful. \nThis may affect only scenarios where running an application on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "RHBZ#2243751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42794"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: FileUpload: DoS due to accumulation of temporary files on Windows"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: improper cleaning of recycled objects could lead to information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact as the confidentiality is not fully compromised and the malicious user does not have confirmation over the scenario to replicate the error and capture the possible jeopardizing response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "RHBZ#2243752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42795"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: improper cleaning of recycled objects could lead to information leak"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:59:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-1:9.0.62-37.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:tomcat-admin-webapps-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-docs-webapp-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-lib-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.1.noarch",
"AppStream-9.3.0.Z.MAIN:tomcat-webapps-1:9.0.62-37.el9_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
SSA-784301
Vulnerability from csaf_siemens - Published: 2024-08-13 00:00 - Updated: 2024-08-13 00:00Summary
SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0
Notes
Summary: SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json"
}
],
"title": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-784301",
"initial_release_date": "2024-08-13T00:00:00Z",
"revision_history": [
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SINEC NMS",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request\u0027s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker\u0027s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker\u0027s materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41941"
}
]
}
SUSE-SU-2024:0472-1
Vulnerability from csaf_suse - Published: 2024-02-14 14:02 - Updated: 2024-02-14 14:02Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).
- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
The following non-security issues were fixed:
- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
Patchnames: SUSE-2024-472,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472,SUSE-Storage-7.1-2024-472,openSUSE-SLE-15.5-2024-472
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdated to Tomcat 9.0.85:\n\n- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).\n- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).\n- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).\n- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)\n- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)\n \nThe following non-security issues were fixed:\n\n- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).\n\nFind the full release notes at:\n\nhttps://tomcat.apache.org/tomcat-9.0-doc/changelog.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-472,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472,SUSE-Storage-7.1-2024-472,openSUSE-SLE-15.5-2024-472",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0472-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0472-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240472-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0472-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216118",
"url": "https://bugzilla.suse.com/1216118"
},
{
"category": "self",
"summary": "SUSE Bug 1216119",
"url": "https://bugzilla.suse.com/1216119"
},
{
"category": "self",
"summary": "SUSE Bug 1216120",
"url": "https://bugzilla.suse.com/1216120"
},
{
"category": "self",
"summary": "SUSE Bug 1217402",
"url": "https://bugzilla.suse.com/1217402"
},
{
"category": "self",
"summary": "SUSE Bug 1217649",
"url": "https://bugzilla.suse.com/1217649"
},
{
"category": "self",
"summary": "SUSE Bug 1217768",
"url": "https://bugzilla.suse.com/1217768"
},
{
"category": "self",
"summary": "SUSE Bug 1219208",
"url": "https://bugzilla.suse.com/1219208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42794 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22029/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2024-02-14T14:02:00Z",
"generator": {
"date": "2024-02-14T14:02:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0472-1",
"initial_release_date": "2024-02-14T14:02:00Z",
"revision_history": [
{
"date": "2024-02-14T14:02:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-embed-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-embed-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-javadoc-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-jsvc-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-lib-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-webapps-9.0.85-150200.57.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-embed-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42794"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42794",
"url": "https://www.suse.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "SUSE Bug 1216120 for CVE-2023-42794",
"url": "https://bugzilla.suse.com/1216120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-45648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45648"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45648",
"url": "https://www.suse.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "SUSE Bug 1216118 for CVE-2023-45648",
"url": "https://bugzilla.suse.com/1216118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-22029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22029"
}
],
"notes": [
{
"category": "general",
"text": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22029",
"url": "https://www.suse.com/security/cve/CVE-2024-22029"
},
{
"category": "external",
"summary": "SUSE Bug 1219208 for CVE-2024-22029",
"url": "https://bugzilla.suse.com/1219208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2024-22029"
}
]
}
WID-SEC-W-2023-2628
Vulnerability from csaf_certbund - Published: 2023-10-10 22:00 - Updated: 2026-03-26 23:00Summary
Apache Tomcat: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Windows
Affected products
Known affected
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
Affected products
Known affected
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
Affected products
Known affected
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
Affected products
Known affected
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
Red Hat JBoss Core Services
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:-
|
— | |
|
Apache Tomcat <8.5.94
Apache / Tomcat
|
<8.5.94 | ||
|
IBM Rational Build Forge 8.0.0.24
IBM / Rational Build Forge
|
cpe:/a:ibm:rational_build_forge:8.0.0.24
|
8.0.0.24 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Web Server <5.7.7
Red Hat / JBoss Web Server
|
<5.7.7 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
F5 BIG-IP 17.1.0-17.1.2
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.2
|
17.1.0-17.1.2 | |
|
IBM Power Hardware Management Console V10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
V10 | |
|
Broadcom Brocade SANnav <2.3.1
Broadcom / Brocade SANnav
|
<2.3.1 | ||
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Open Source Vaadin <24.2.0
Open Source / Vaadin
|
<24.2.0 | ||
|
Open Source Camunda <7.21.0-alpha1
Open Source / Camunda
|
<7.21.0-alpha1 | ||
|
Open Source Camunda <7.19.8
Open Source / Camunda
|
<7.19.8 | ||
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Open Source Camunda <7.20.1
Open Source / Camunda
|
<7.20.1 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Open Source Camunda RPA Bridge <1.1.10
Open Source / Camunda
|
RPA Bridge <1.1.10 | ||
|
Open Source Camunda <7.18.12
Open Source / Camunda
|
<7.18.12 | ||
|
Xerox FreeFlow Print Server v2 / Windows 10
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2__windows_10
|
v2 / Windows 10 | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM / Storwize
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Apache Tomcat <9.0.81
Apache / Tomcat
|
<9.0.81 | ||
|
Red Hat JBoss Core Services 1
Red Hat / JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1.0
|
1 | |
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 |
References
63 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2628 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2628.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2628 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2628"
},
{
"category": "external",
"summary": "Apache Tomcat 8 Changelog vom 2023-10-10",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94"
},
{
"category": "external",
"summary": "Apache Tomcat 9 Changelog vom 2023-10-10",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5522 vom 2023-10-11",
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5521 vom 2023-10-11",
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3617 vom 2023-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-016 vom 2023-10-18",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-016.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2023-010 vom 2023-10-18",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-010.html"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-G8PJ-R55Q-5C2V vom 2023-10-18",
"url": "https://github.com/vaadin/platform/releases/tag/24.2.0"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4129-1 vom 2023-10-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016747.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5928 vom 2023-10-20",
"url": "https://access.redhat.com/errata/RHSA-2023:5928"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5929 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5929 vom 2023-10-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5929.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1868 vom 2023-10-19",
"url": "https://alas.aws.amazon.com/ALAS-2023-1868.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5929 vom 2023-10-24",
"url": "https://linux.oracle.com/errata/ELSA-2023-5929.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5928 vom 2023-10-25",
"url": "http://linux.oracle.com/errata/ELSA-2023-5928.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6145 vom 2023-10-27",
"url": "https://access.redhat.com/errata/RHSA-2023:6145"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-6120 vom 2023-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2023-6120.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6207 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6207"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6206 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6206"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4337-1 vom 2023-11-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016986.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4423-1 vom 2023-11-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017018.html"
},
{
"category": "external",
"summary": "Camunda Security Notice 97 vom 2023-11-13",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7072626 vom 2023-11-14",
"url": "https://www.ibm.com/support/pages/node/7072626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7247 vom 2023-11-16",
"url": "https://access.redhat.com/errata/RHSA-2023:7247"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7076274 vom 2023-11-15",
"url": "https://www.ibm.com/support/pages/node/7076274"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7082717"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX23-021",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/11/XRX23-021_FFPSv2_Win10_SecurityBulletin_Nov2023.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7623 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7623"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7625 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7626 vom 2023-12-07",
"url": "https://access.redhat.com/errata/RHSA-2023:7626"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7099297 vom 2023-12-18",
"url": "https://www.ibm.com/support/pages/node/7099297"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7105133 vom 2024-01-05",
"url": "http://www.ibm.com/support/pages/node/7105133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0125 vom 2024-01-10",
"url": "https://access.redhat.com/errata/RHSA-2024:0125"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0125 vom 2024-01-11",
"url": "https://linux.oracle.com/errata/ELSA-2024-0125.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7107757 vom 2024-01-16",
"url": "https://www.ibm.com/support/pages/node/7107757"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7107755 vom 2024-01-16",
"url": "https://www.ibm.com/support/pages/node/7107755"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7111624 vom 2024-01-24",
"url": "https://www.ibm.com/support/pages/node/7111624"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0474 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0474"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0474 vom 2024-01-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-0474.html"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-107 vom 2024-01-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-107/index.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0472-1 vom 2024-02-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-133 vom 2024-03-12",
"url": "https://www.dell.com/support/kbdoc/000223002/dsa-2024-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2024-012 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2024-012.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2501 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2501.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7114769 vom 2024-04-30",
"url": "https://www.ibm.com/support/pages/node/7114769"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156539 vom 2024-06-18",
"url": "https://www.ibm.com/support/pages/node/7156539"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-134 vom 2024-07-02",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-134/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-126 vom 2024-08-06",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-126/index.html"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2024-2429 vom 2024-11-02",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25158"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7106-1 vom 2024-11-18",
"url": "https://ubuntu.com/security/notices/USN-7106-1"
},
{
"category": "external",
"summary": "F5 Security Advisory K000138178 vom 2025-01-17",
"url": "https://my.f5.com/manage/s/article/K000138178"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2812 vom 2025-04-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2812.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7410-1 vom 2025-04-07",
"url": "https://ubuntu.com/security/notices/USN-7410-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7469-1 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7469-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7469-2 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7469-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7562-1 vom 2025-06-10",
"url": "https://ubuntu.com/security/notices/USN-7562-1"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1058-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:41:22.271+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2628",
"initial_release_date": "2023-10-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-10-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Open Source aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Amazon aufgenommen"
},
{
"date": "2023-10-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-29T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-13T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2023-11-26T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-18T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-04T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-01-10T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-11T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-15T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-24T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-29T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-17T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "44"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.94",
"product": {
"name": "Apache Tomcat \u003c8.5.94",
"product_id": "T030426"
}
},
{
"category": "product_version",
"name": "8.5.94",
"product": {
"name": "Apache Tomcat 8.5.94",
"product_id": "T030426-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:8.5.94"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.81",
"product": {
"name": "Apache Tomcat \u003c9.0.81",
"product_id": "T030427"
}
},
{
"category": "product_version",
"name": "9.0.81",
"product": {
"name": "Apache Tomcat 9.0.81",
"product_id": "T030427-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.81"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.1",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1",
"product_id": "T034139"
}
},
{
"category": "product_version",
"name": "2.3.1",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1",
"product_id": "T034139-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.0a",
"product_id": "T034294"
}
},
{
"category": "product_version",
"name": "2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.0a",
"product_id": "T034294-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.0a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c19.9.0.4",
"product_id": "T032377"
}
},
{
"category": "product_version",
"name": "vProxy19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy19.9.0.4",
"product_id": "T032377-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.4"
}
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c19.10",
"product_id": "T032378"
}
},
{
"category": "product_version",
"name": "vProxy19.10",
"product": {
"name": "Dell NetWorker vProxy19.10",
"product_id": "T032378-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "15.1.0-15.1.10",
"product": {
"name": "F5 BIG-IP 15.1.0-15.1.10",
"product_id": "T034902",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
}
}
},
{
"category": "product_version",
"name": "16.1.0-16.1.5",
"product": {
"name": "F5 BIG-IP 16.1.0-16.1.5",
"product_id": "T037028",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.5"
}
}
},
{
"category": "product_version",
"name": "17.1.0-17.1.2",
"product": {
"name": "F5 BIG-IP 17.1.0-17.1.2",
"product_id": "T040213",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.2"
}
}
}
],
"category": "product_name",
"name": "BIG-IP"
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "10.1-10.1.0.2",
"product": {
"name": "IBM Integration Bus 10.1-10.1.0.2",
"product_id": "T031084",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2"
}
}
}
],
"category": "product_name",
"name": "Integration Bus"
},
{
"category": "product_name",
"name": "IBM Operational Decision Manager",
"product": {
"name": "IBM Operational Decision Manager",
"product_id": "T005180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "V10",
"product": {
"name": "IBM Power Hardware Management Console V10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "8.0.0.24",
"product": {
"name": "IBM Rational Build Forge 8.0.0.24",
"product_id": "T030689",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T002782",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "1411051",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version",
"name": "V5000",
"product": {
"name": "IBM Storwize V5000",
"product_id": "T020641",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:v5000"
}
}
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
}
],
"category": "product_name",
"name": "Storwize"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.21.0-alpha1",
"product": {
"name": "Open Source Camunda \u003c7.21.0-alpha1",
"product_id": "T031061"
}
},
{
"category": "product_version",
"name": "7.21.0-alpha1",
"product": {
"name": "Open Source Camunda 7.21.0-alpha1",
"product_id": "T031061-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.21.0-alpha1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.20.1",
"product": {
"name": "Open Source Camunda \u003c7.20.1",
"product_id": "T031062"
}
},
{
"category": "product_version",
"name": "7.20.1",
"product": {
"name": "Open Source Camunda 7.20.1",
"product_id": "T031062-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.20.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.8",
"product": {
"name": "Open Source Camunda \u003c7.19.8",
"product_id": "T031063"
}
},
{
"category": "product_version",
"name": "7.19.8",
"product": {
"name": "Open Source Camunda 7.19.8",
"product_id": "T031063-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.19.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.18.12",
"product": {
"name": "Open Source Camunda \u003c7.18.12",
"product_id": "T031064"
}
},
{
"category": "product_version",
"name": "7.18.12",
"product": {
"name": "Open Source Camunda 7.18.12",
"product_id": "T031064-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.18.12"
}
}
},
{
"category": "product_version_range",
"name": "RPA Bridge \u003c1.1.10",
"product": {
"name": "Open Source Camunda RPA Bridge \u003c1.1.10",
"product_id": "T031065"
}
},
{
"category": "product_version",
"name": "RPA Bridge 1.1.10",
"product": {
"name": "Open Source Camunda RPA Bridge 1.1.10",
"product_id": "T031065-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:rpa_bridge__1.1.10"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.2.0",
"product": {
"name": "Open Source Vaadin \u003c24.2.0",
"product_id": "T030676"
}
},
{
"category": "product_version",
"name": "24.2.0",
"product": {
"name": "Open Source Vaadin 24.2.0",
"product_id": "T030676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vaadin:vaadin:24.2.0"
}
}
}
],
"category": "product_name",
"name": "Vaadin"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "1",
"product": {
"name": "Red Hat JBoss Core Services 1",
"product_id": "459970",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services",
"product": {
"name": "Red Hat JBoss Core Services",
"product_id": "T012412",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:-"
}
}
}
],
"category": "product_name",
"name": "JBoss Core Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.7.7",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.7.7",
"product_id": "T031508"
}
},
{
"category": "product_version",
"name": "5.7.7",
"product": {
"name": "Red Hat JBoss Web Server 5.7.7",
"product_id": "T031508-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7.7"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v2 / Windows 10",
"product": {
"name": "Xerox FreeFlow Print Server v2 / Windows 10",
"product_id": "T031383",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2__windows_10"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42794",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T012412",
"T030426",
"T030689",
"T004914",
"T020641",
"T024663",
"T005180",
"398363",
"T031508",
"T025159",
"T040213",
"T023373",
"T034139",
"T032377",
"T002782",
"T032378",
"T050283",
"T030676",
"T031061",
"T031063",
"T037028",
"T031062",
"T031084",
"T034294",
"T031065",
"T031064",
"T031383",
"T052048",
"T017562",
"T022954",
"T021621",
"2951",
"T002207",
"T000126",
"T030427",
"459970",
"1411051"
]
},
"release_date": "2023-10-10T22:00:00.000+00:00",
"title": "CVE-2023-45648"
}
]
}
WID-SEC-W-2023-2963
Vulnerability from csaf_certbund - Published: 2023-11-16 23:00 - Updated: 2023-11-16 23:00Summary
Trellix ePolicy Orchestrator: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Trellix ePolicy Orchestrator (ePO) zentralisiert und optimiert die Verwaltung der Sicherheit von Endgeräten, Netzwerken und Inhalten.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in Trellix ePolicy Orchestrator ausnutzen, um sich administrative Rechte zu verschaffen, um einen Redirect-Angriff auszuführen und um nicht näher spezifizierte Auswirkungen zu erzielen.
Betroffene Betriebssysteme: - Windows
Es existiert eine Schwachstelle in Trellix ePolicy Orchestrator. Ein Angreifer kann den URL-Parameter manipulieren und dadurch einen Nutzer auf eine bösartige Webseite umleiten.
Es besteht eine Schwachstelle in Trellix ePolicy Orchestrator bezüglich des Dashboard-Bereichs der Benutzeroberfläche. Ein Angreifer kann eine Cross-Site Request Forgery ausnutzen, um neue Benutzer mit administrativen Rechten zu erstellen. Ein erfolgreiches Ausnutzen der Schwachstelle erfordert eine Benutzerinteraktion.
Es existieren mehrere Schwachstellen in Trellix ePolicy Orchestrator bezüglich der verwendeten Komponenten Apache Tomcat und Java Runtime Environment. Die Auswirkungen im Zusammenhang mit ePO sind nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.
Es existieren mehrere Schwachstellen in Trellix ePolicy Orchestrator bezüglich der verwendeten Komponenten Apache Tomcat und Java Runtime Environment. Die Auswirkungen im Zusammenhang mit ePO sind nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.
Es existieren mehrere Schwachstellen in Trellix ePolicy Orchestrator bezüglich der verwendeten Komponenten Apache Tomcat und Java Runtime Environment. Die Auswirkungen im Zusammenhang mit ePO sind nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trellix ePolicy Orchestrator (ePO) zentralisiert und optimiert die Verwaltung der Sicherheit von Endger\u00e4ten, Netzwerken und Inhalten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Trellix ePolicy Orchestrator ausnutzen, um sich administrative Rechte zu verschaffen, um einen Redirect-Angriff auszuf\u00fchren und um nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2963 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2963.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2963 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2963"
},
{
"category": "external",
"summary": "Trellix Security Bulletin vom 2023-11-16",
"url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10410\u0026actp=null\u0026viewlocale=en_US\u0026showDraft=false\u0026platinum_status=false\u0026locale=en_US"
}
],
"source_lang": "en-US",
"title": "Trellix ePolicy Orchestrator: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-11-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:01:51.137+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2963",
"initial_release_date": "2023-11-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Trellix ePolicy Orchestrator \u003c 5.10.0 SP1 UP2",
"product": {
"name": "Trellix ePolicy Orchestrator \u003c 5.10.0 SP1 UP2",
"product_id": "T031268",
"product_identification_helper": {
"cpe": "cpe:/a:trellix:epolicy_orchestrator:5.10.0:sp1_up2"
}
}
}
],
"category": "vendor",
"name": "Trellix"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5445",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Trellix ePolicy Orchestrator. Ein Angreifer kann den URL-Parameter manipulieren und dadurch einen Nutzer auf eine b\u00f6sartige Webseite umleiten."
}
],
"release_date": "2023-11-16T23:00:00.000+00:00",
"title": "CVE-2023-5445"
},
{
"cve": "CVE-2023-5444",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Trellix ePolicy Orchestrator bez\u00fcglich des Dashboard-Bereichs der Benutzeroberfl\u00e4che. Ein Angreifer kann eine Cross-Site Request Forgery ausnutzen, um neue Benutzer mit administrativen Rechten zu erstellen. Ein erfolgreiches Ausnutzen der Schwachstelle erfordert eine Benutzerinteraktion."
}
],
"release_date": "2023-11-16T23:00:00.000+00:00",
"title": "CVE-2023-5444"
},
{
"cve": "CVE-2023-45648",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Trellix ePolicy Orchestrator bez\u00fcglich der verwendeten Komponenten Apache Tomcat und Java Runtime Environment. Die Auswirkungen im Zusammenhang mit ePO sind nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
}
],
"release_date": "2023-11-16T23:00:00.000+00:00",
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-42795",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Trellix ePolicy Orchestrator bez\u00fcglich der verwendeten Komponenten Apache Tomcat und Java Runtime Environment. Die Auswirkungen im Zusammenhang mit ePO sind nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
}
],
"release_date": "2023-11-16T23:00:00.000+00:00",
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-42794",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Trellix ePolicy Orchestrator bez\u00fcglich der verwendeten Komponenten Apache Tomcat und Java Runtime Environment. Die Auswirkungen im Zusammenhang mit ePO sind nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
}
],
"release_date": "2023-11-16T23:00:00.000+00:00",
"title": "CVE-2023-42794"
}
]
}
WID-SEC-W-2023-2993
Vulnerability from csaf_certbund - Published: 2023-11-21 23:00 - Updated: 2023-12-12 23:00Summary
Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Windows
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Confluence < 8.4.5
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.4.5
|
— | |
|
Atlassian Confluence < 8.6.2
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.6.2
|
— | |
|
Atlassian Confluence < 8.5.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.5.4
|
— | |
|
Atlassian Bitbucket < 8.9.7
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.9.7
|
— | |
|
Atlassian Confluence < 8.7.1
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.7.1
|
— | |
|
Atlassian Bamboo < 9.2.7
Atlassian / Bamboo
|
cpe:/a:atlassian:bamboo:9.2.7
|
— | |
|
Atlassian Confluence < 8.3.4
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:8.3.4
|
— | |
|
Atlassian Bitbucket < 8.12.4
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.12.4
|
— | |
|
Atlassian Bitbucket < 8.11.6
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.11.6
|
— | |
|
Atlassian Jira Software Service Management < 4.20.28
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__4.20.28
|
— | |
|
Atlassian Bitbucket < 8.14.2
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.14.2
|
— | |
|
Atlassian Jira Software < 9.4.13
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:9.4.13
|
— | |
|
Atlassian Bitbucket < 8.13.3
Atlassian / Bitbucket
|
cpe:/a:atlassian:bitbucket:8.13.3
|
— | |
|
Atlassian Confluence < 7.19.17
Atlassian / Confluence
|
cpe:/a:atlassian:confluence:7.19.17
|
— | |
|
Atlassian Jira Software Service Management < 5.4.12
Atlassian / Jira Software
|
cpe:/a:atlassian:jira_software:service_management__5.4.12
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2993 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2993.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2993 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2993"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin vom 2023-11-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-21-2023-1318881573.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
"url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:01:59.515+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2993",
"initial_release_date": "2023-11-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-23T23:00:00.000+00:00",
"number": "2",
"summary": "Bewertung angepasst"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.7",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.7",
"product_id": "1529586",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.7",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.7",
"product_id": "T031322",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.4",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.4",
"product_id": "T031323",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.5",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.5",
"product_id": "T031324",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.5"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 7.21.18",
"product": {
"name": "Atlassian Bitbucket \u003c 7.21.18",
"product_id": "T031325",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.9.7",
"product": {
"name": "Atlassian Bitbucket \u003c 8.9.7",
"product_id": "T031614",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.11.6",
"product": {
"name": "Atlassian Bitbucket \u003c 8.11.6",
"product_id": "T031615",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.12.4",
"product": {
"name": "Atlassian Bitbucket \u003c 8.12.4",
"product_id": "T031616",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.13.3",
"product": {
"name": "Atlassian Bitbucket \u003c 8.13.3",
"product_id": "T031617",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.14.2",
"product": {
"name": "Atlassian Bitbucket \u003c 8.14.2",
"product_id": "T031618",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.3.4",
"product": {
"name": "Atlassian Confluence \u003c 8.3.4",
"product_id": "T030846",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.3.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.6.1",
"product": {
"name": "Atlassian Confluence \u003c 8.6.1",
"product_id": "T031326",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.6.1"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 7.19.17",
"product": {
"name": "Atlassian Confluence \u003c 7.19.17",
"product_id": "T031609",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.17"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.4.5",
"product": {
"name": "Atlassian Confluence \u003c 8.4.5",
"product_id": "T031610",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.4.5"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.5.4",
"product": {
"name": "Atlassian Confluence \u003c 8.5.4",
"product_id": "T031611",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.6.2",
"product": {
"name": "Atlassian Confluence \u003c 8.6.2",
"product_id": "T031612",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.6.2"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.7.1",
"product": {
"name": "Atlassian Confluence \u003c 8.7.1",
"product_id": "T031613",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.7.1"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 9.11.3",
"product": {
"name": "Atlassian Jira Software \u003c 9.11.3",
"product_id": "T031327",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.11.3"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 9.4.13",
"product": {
"name": "Atlassian Jira Software \u003c 9.4.13",
"product_id": "T031606",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.4.13"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software Service Management \u003c 4.20.28",
"product": {
"name": "Atlassian Jira Software Service Management \u003c 4.20.28",
"product_id": "T031607",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software Service Management \u003c 5.4.12",
"product": {
"name": "Atlassian Jira Software Service Management \u003c 5.4.12",
"product_id": "T031608",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
}
}
}
],
"category": "product_name",
"name": "Jira Software"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-42794",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-34396",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-34396"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-22521",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-22521"
},
{
"cve": "CVE-2023-22516",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2023-22516"
},
{
"cve": "CVE-2022-45143",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-45143"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-42252",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-41704",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-41704"
},
{
"cve": "CVE-2022-40146",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-28366",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-28366"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2021-46877",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-46877"
},
{
"cve": "CVE-2021-40690",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2021-37714",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-37714"
},
{
"cve": "CVE-2021-28165",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2021-28165"
},
{
"cve": "CVE-2020-36518",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2017-9735",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2017-9735"
},
{
"cve": "CVE-2017-7656",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
}
],
"product_status": {
"known_affected": [
"T031610",
"T031612",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-11-21T23:00:00.000+00:00",
"title": "CVE-2017-7656"
}
]
}
WID-SEC-W-2024-0107
Vulnerability from csaf_certbund - Published: 2024-01-16 23:00 - Updated: 2024-01-16 23:00Summary
Oracle Communications Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications 3.0.3.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.2
|
— | |
|
Oracle Communications Applications 6.3.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.3.1.0.0
|
— | |
|
Oracle Communications Applications 3.0.3.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:3.0.3.3
|
— | |
|
Oracle Communications Applications 8.1.0.24.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:8.1.0.24.0
|
— | |
|
Oracle Communications Applications 7.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.5.0
|
— | |
|
Oracle Communications Applications 15.0.0.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:15.0.0.0.0
|
— | |
|
Oracle Communications Applications 7.4
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4
|
— | |
|
Oracle Communications Applications 7.4.2
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2
|
— | |
|
Oracle Communications Applications 6.0.1.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.1.0.0
|
— | |
|
Oracle Communications Applications 7.4.1.5.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1.5.0
|
— | |
|
Oracle Communications Applications 7.4.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0
|
— | |
|
Oracle Communications Applications 7.4.2.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.2.8.0
|
— | |
|
Oracle Communications Applications 7.4.1
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.1
|
— | |
|
Oracle Communications Applications 7.4.0.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:7.4.0.7.0
|
— | |
|
Oracle Communications Applications 10.0.1.7.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:10.0.1.7.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications Applications <= 12.0.0.8
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8
|
— | |
|
Oracle Communications Applications <= 12.0.0.8.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.8.0
|
— | |
|
Oracle Communications Applications <= 12.0.0.7
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.0.7
|
— | |
|
Oracle Communications Applications <= 12.0.6.0.0
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:12.0.6.0.0
|
— | |
|
Oracle Communications Applications <= 6.0.3
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:6.0.3
|
— | |
|
Oracle Communications Applications <= 5.5.19
Oracle / Communications Applications
|
cpe:/a:oracle:communications_applications:5.5.19
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0107 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0107.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0107 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0107"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Communications Applications vom 2024-01-16",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCAGBU"
}
],
"source_lang": "en-US",
"title": "Oracle Communications Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-16T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:44.309+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0107",
"initial_release_date": "2024-01-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.0",
"product": {
"name": "Oracle Communications Applications 7.4.0",
"product_id": "T018938",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.1",
"product": {
"name": "Oracle Communications Applications 7.4.1",
"product_id": "T018939",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.2",
"product": {
"name": "Oracle Communications Applications 7.4.2",
"product_id": "T018940",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 6.0.1.0.0",
"product": {
"name": "Oracle Communications Applications 6.0.1.0.0",
"product_id": "T021634",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:6.0.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.5.0",
"product": {
"name": "Oracle Communications Applications 7.5.0",
"product_id": "T021639",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4",
"product": {
"name": "Oracle Communications Applications 7.4",
"product_id": "T022811",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.6.0.0",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.6.0.0",
"product_id": "T027325",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.6.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.0.8.0",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.0.8.0",
"product_id": "T028669",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.0.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 3.0.3.2",
"product": {
"name": "Oracle Communications Applications 3.0.3.2",
"product_id": "T028670",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.3.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 10.0.1.7.0",
"product": {
"name": "Oracle Communications Applications 10.0.1.7.0",
"product_id": "T028674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:10.0.1.7.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.0.7.0",
"product": {
"name": "Oracle Communications Applications 7.4.0.7.0",
"product_id": "T028676",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.0.7.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.1.5.0",
"product": {
"name": "Oracle Communications Applications 7.4.1.5.0",
"product_id": "T028677",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.1.5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 7.4.2.8.0",
"product": {
"name": "Oracle Communications Applications 7.4.2.8.0",
"product_id": "T028678",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:7.4.2.8.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 6.3.1.0.0",
"product": {
"name": "Oracle Communications Applications 6.3.1.0.0",
"product_id": "T030578",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:6.3.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.0.8",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.0.8",
"product_id": "T030579",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.0.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 6.0.3",
"product": {
"name": "Oracle Communications Applications \u003c= 6.0.3",
"product_id": "T030581",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:6.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 12.0.0.7",
"product": {
"name": "Oracle Communications Applications \u003c= 12.0.0.7",
"product_id": "T032083",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:12.0.0.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 15.0.0.0.0",
"product": {
"name": "Oracle Communications Applications 15.0.0.0.0",
"product_id": "T032084",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:15.0.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 3.0.3.3",
"product": {
"name": "Oracle Communications Applications 3.0.3.3",
"product_id": "T032085",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:3.0.3.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications 8.1.0.24.0",
"product": {
"name": "Oracle Communications Applications 8.1.0.24.0",
"product_id": "T032086",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:8.1.0.24.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications Applications \u003c= 5.5.19",
"product": {
"name": "Oracle Communications Applications \u003c= 5.5.19",
"product_id": "T032087",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications_applications:5.5.19"
}
}
}
],
"category": "product_name",
"name": "Communications Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-45648",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-44981",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44981"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-44483",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-42794",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42503",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-42503"
},
{
"cve": "CVE-2023-37536",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-37536"
},
{
"cve": "CVE-2023-34981",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-34034",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-31122",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-28823",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-28823"
},
{
"cve": "CVE-2023-25194",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-25194"
},
{
"cve": "CVE-2023-20883",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2023-20883"
},
{
"cve": "CVE-2022-45868",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-45868"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2022-36944",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-36944"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2022-31147",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-31147"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2021-4104",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-4104"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028670",
"T030578",
"T032085",
"T032086",
"T021639",
"T032084",
"T022811",
"T018940",
"T021634",
"T028677",
"T018938",
"T028678",
"T018939",
"T028676",
"T028674"
],
"last_affected": [
"T030579",
"T028669",
"T032083",
"T027325",
"T030581",
"T032087"
]
},
"release_date": "2024-01-16T23:00:00.000+00:00",
"title": "CVE-2021-37533"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…