Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45133 (GCVE-0-2023-45133)
Vulnerability from cvelistv5 – Published: 2023-10-12 16:17 – Updated: 2025-02-13 17:13
VLAI?
EPSS
Summary
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
Severity ?
9.4 (Critical)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:45:41.131211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:46:03.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "babel",
"vendor": "babel",
"versions": [
{
"status": "affected",
"version": "\u003c 7.23.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T08:06:11.273Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
],
"source": {
"advisory": "GHSA-67hx-6x53-jw92",
"discovery": "UNKNOWN"
},
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45133",
"datePublished": "2023-10-12T16:17:08.624Z",
"dateReserved": "2023-10-04T16:02:46.328Z",
"dateUpdated": "2025-02-13T17:13:48.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"7.23.2\", \"matchCriteriaId\": \"C20217DD-2967-42B5-A20D-3B7978DEC2D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*\", \"matchCriteriaId\": \"3359A5D4-32F2-4128-8E6D-58C556FE5D4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*\", \"matchCriteriaId\": \"B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*\", \"matchCriteriaId\": \"0214C42F-5EB9-410E-AB7E-206A5243FEB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*\", \"matchCriteriaId\": \"9E8907AD-4095-4579-BF92-AED3416ADA1E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"0.4.3\", \"matchCriteriaId\": \"EA4E050F-1B8B-44F6-AA89-6457C7CC074F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"0.4.6\", \"matchCriteriaId\": \"AE6CEB01-B369-401F-9103-4BBB2FDA267A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"0.8.5\", \"matchCriteriaId\": \"3E9E5F4A-2CF4-483A-81F9-055E06913969\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"0.10.0\", \"matchCriteriaId\": \"B9101BDF-A1D8-4CE4-94F3-B7D986548C7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"0.5.3\", \"matchCriteriaId\": \"9350BCA6-00A4-4581-BC2B-A5077923E354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"7.23.2\", \"matchCriteriaId\": \"F42788D8-5501-4FC1-828E-D487A4895986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*\", \"versionEndExcluding\": \"7.23.2\", \"matchCriteriaId\": \"90EF976D-050D-4478-9A6E-D694E7451BAA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}, {\"lang\": \"es\", \"value\": \"Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\\u00f3digo manipulado espec\\u00edficamente por un atacante puede provocar la ejecuci\\u00f3n de c\\u00f3digo arbitrario durante compilaci\\u00f3n, cuando se utilizan complementos que se basan en los m\\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\\u00f3n `useBuiltIns`; y cualquier complemento de \\\"proveedor de polyfill\\\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\\u00edan verse afectados. Los usuarios que solo compilan c\\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \\u00faltima versi\\u00f3n para evitar activar la ruta de c\\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}]",
"id": "CVE-2023-45133",
"lastModified": "2024-11-21T08:26:24.603",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}]}",
"published": "2023-10-12T17:15:09.797",
"references": "[{\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-184\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-697\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45133\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-12T17:15:09.797\",\"lastModified\":\"2024-11-21T08:26:24.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"},{\"lang\":\"es\",\"value\":\"Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \\\"proveedor de polyfill\\\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-184\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"C20217DD-2967-42B5-A20D-3B7978DEC2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"3359A5D4-32F2-4128-8E6D-58C556FE5D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"0214C42F-5EB9-410E-AB7E-206A5243FEB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"9E8907AD-4095-4579-BF92-AED3416ADA1E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.4.3\",\"matchCriteriaId\":\"EA4E050F-1B8B-44F6-AA89-6457C7CC074F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.4.6\",\"matchCriteriaId\":\"AE6CEB01-B369-401F-9103-4BBB2FDA267A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.8.5\",\"matchCriteriaId\":\"3E9E5F4A-2CF4-483A-81F9-055E06913969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.10.0\",\"matchCriteriaId\":\"B9101BDF-A1D8-4CE4-94F3-B7D986548C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.5.3\",\"matchCriteriaId\":\"9350BCA6-00A4-4581-BC2B-A5077923E354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"F42788D8-5501-4FC1-828E-D487A4895986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"90EF976D-050D-4478-9A6E-D694E7451BAA\"}]}]}],\"references\":[{\"url\":\"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/pull/16033\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v7.23.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5528\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/pull/16033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v7.23.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"name\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"name\": \"https://github.com/babel/babel/pull/16033\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"name\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"name\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"name\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:14:19.735Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45133\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T15:45:41.131211Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T15:45:59.409Z\"}}], \"cna\": {\"title\": \"Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code\", \"source\": {\"advisory\": \"GHSA-67hx-6x53-jw92\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"babel\", \"product\": \"babel\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.23.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4\"}]}], \"references\": [{\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"name\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"name\": \"https://github.com/babel/babel/pull/16033\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"name\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"name\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"name\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-184\", \"description\": \"CWE-184: Incomplete List of Disallowed Inputs\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-19T08:06:11.273Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45133\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:13:48.413Z\", \"dateReserved\": \"2023-10-04T16:02:46.328Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-12T16:17:08.624Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0074
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.3.x.x antérieures à 6.3.0.2.iFix005 | ||
| IBM | QRadar Deployment Intelligence App | IBM QRadar Deployment Intelligence App versions antérieures à 3.0.12 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.2.x.x antérieures à 6.2.0.7.iFix005 | ||
| IBM | QRadar | IBM SOAR QRadar Plugin App versions antérieures à 5.3.1 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.0.x.x antérieures à 6.0.0.2.iFix159 | ||
| IBM | Storage Protect | IBM Storage Protect Plus vSnap versions 10.1.x antérieures à 10.1.15.3 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.1.x.x antérieures à 6.1.0.4.iFix099 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.2.iFix005",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.12",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.7.iFix005",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.0.x.x ant\u00e9rieures \u00e0 6.0.0.2.iFix159",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Plus vSnap versions 10.1.x ant\u00e9rieures \u00e0 10.1.15.3",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.4.iFix099",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38020"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2023-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38019"
},
{
"name": "CVE-2023-47148",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47148"
},
{
"name": "CVE-2023-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38263"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111880 du 24 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7111880"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111720 du 22 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7111720"
}
],
"reference": "CERTFR-2024-AVI-0074",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111720 du 24 janvier 2024",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7096482 du 22 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7096482"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111880 du 25 janvier 2024",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111679 du 24 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7111679"
}
]
}
CERTFR-2024-AVI-0630
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Packet Capture versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 Update Package 8",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2021-23436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23436"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2020-28477",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28477"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43441"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-24033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24033"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-31905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31905"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2018-16487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16487"
},
{
"name": "CVE-2021-42740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42740"
},
{
"name": "CVE-2016-10538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10538"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": "2024-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161462",
"url": "https://www.ibm.com/support/pages/node/7161462"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160961",
"url": "https://www.ibm.com/support/pages/node/7160961"
},
{
"published_at": "2024-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160858",
"url": "https://www.ibm.com/support/pages/node/7160858"
}
]
}
CERTFR-2025-AVI-0627
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Remote Server sans le dernier correctif de sécurité | ||
| IBM | QRadar | Security QRadar Network Threat Analytics versions antérieures à 1.4.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 5.1.2 sur CPD | ||
| IBM | Db2 Query Management Facility | DB2 Query Management Facility versions 13.1.x sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Remote Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 5.1.2 sur CPD",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2 Query Management Facility",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-5629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-46298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46298"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240466",
"url": "https://www.ibm.com/support/pages/node/7240466"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240530",
"url": "https://www.ibm.com/support/pages/node/7240530"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240471",
"url": "https://www.ibm.com/support/pages/node/7240471"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240267",
"url": "https://www.ibm.com/support/pages/node/7240267"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240474",
"url": "https://www.ibm.com/support/pages/node/7240474"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240250",
"url": "https://www.ibm.com/support/pages/node/7240250"
}
]
}
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
| IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
| IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "QRadar WinCollect Agent",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2023-34053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34053"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
},
{
"name": "CVE-2023-47158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
},
{
"name": "CVE-2022-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23529"
},
{
"name": "CVE-2023-34054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34054"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4586"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-37276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2023-45193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45193"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2023-47145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47145"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22190"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2022-48337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48337"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2020-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29510"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34062"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-27859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-36665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36665"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-47152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117872"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118351"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117821"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117883"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117884"
}
]
}
CERTFR-2023-AVI-1007
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Informix Dynamic Server versions antérieures à 14.10.FC10W1 | ||
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions antérieures à 4.1.14 | ||
| IBM | Db2 | IBM Db2 versions 10.5.0.x, 11.1.4.x et 11.5.x sans les derniers correctifs de sécurité temporaires (les sorties des versions correctives seront annoncées ultérieurement) |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Informix Dynamic Server versions ant\u00e9rieures \u00e0 14.10.FC10W1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.14",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5.0.x, 11.1.4.x et 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9 temporaires (les sorties des versions correctives seront annonc\u00e9es ult\u00e9rieurement)",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1007",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7087225 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7087225"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7070188 du 04 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7087162 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7087162"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7090362 du 05 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7090362"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7087234 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7087234"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7078681 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7078681"
}
]
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2024-AVI-0180
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.2 | ||
| IBM | WebSphere | Websphere Liberty versions antérieures à 23.0.0.12 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cloud Pak | Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3 | ||
| IBM | N/A | Cognos Command Center versions antérieures à 10.2.5 IF1 | ||
| IBM | Cognos Transformer | Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2023-50324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-32344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
},
{
"name": "CVE-2023-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-28167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2010-2084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-34357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2023-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112541"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7124466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112504"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125461"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7123154"
}
]
}
CERTFR-2025-AVI-0627
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Remote Server sans le dernier correctif de sécurité | ||
| IBM | QRadar | Security QRadar Network Threat Analytics versions antérieures à 1.4.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 5.1.2 sur CPD | ||
| IBM | Db2 Query Management Facility | DB2 Query Management Facility versions 13.1.x sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Remote Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 5.1.2 sur CPD",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2 Query Management Facility",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-5629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-46298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46298"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240466",
"url": "https://www.ibm.com/support/pages/node/7240466"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240530",
"url": "https://www.ibm.com/support/pages/node/7240530"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240471",
"url": "https://www.ibm.com/support/pages/node/7240471"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240267",
"url": "https://www.ibm.com/support/pages/node/7240267"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240474",
"url": "https://www.ibm.com/support/pages/node/7240474"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240250",
"url": "https://www.ibm.com/support/pages/node/7240250"
}
]
}
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
| IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
| IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "QRadar WinCollect Agent",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2023-34053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34053"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
},
{
"name": "CVE-2023-47158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
},
{
"name": "CVE-2022-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23529"
},
{
"name": "CVE-2023-34054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34054"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4586"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-37276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2023-45193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45193"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2023-47145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47145"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22190"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2022-48337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48337"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2020-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29510"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34062"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-27859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-36665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36665"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-47152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117872"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118351"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117821"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117883"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117884"
}
]
}
CERTFR-2023-AVI-1007
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Informix Dynamic Server versions antérieures à 14.10.FC10W1 | ||
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions antérieures à 4.1.14 | ||
| IBM | Db2 | IBM Db2 versions 10.5.0.x, 11.1.4.x et 11.5.x sans les derniers correctifs de sécurité temporaires (les sorties des versions correctives seront annoncées ultérieurement) |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Informix Dynamic Server versions ant\u00e9rieures \u00e0 14.10.FC10W1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.14",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions 10.5.0.x, 11.1.4.x et 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9 temporaires (les sorties des versions correctives seront annonc\u00e9es ult\u00e9rieurement)",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1007",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7087225 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7087225"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7070188 du 04 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7087162 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7087162"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7090362 du 05 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7090362"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7087234 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7087234"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7078681 du 01 d\u00e9cembre 2023",
"url": "https://www.ibm.com/support/pages/node/7078681"
}
]
}
CERTFR-2024-AVI-0180
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.2 | ||
| IBM | WebSphere | Websphere Liberty versions antérieures à 23.0.0.12 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cloud Pak | Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3 | ||
| IBM | N/A | Cognos Command Center versions antérieures à 10.2.5 IF1 | ||
| IBM | Cognos Transformer | Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2023-50324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-32344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
},
{
"name": "CVE-2023-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-28167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2010-2084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-34357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2023-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112541"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7124466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112504"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125461"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7123154"
}
]
}
CERTFR-2024-AVI-0074
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.3.x.x antérieures à 6.3.0.2.iFix005 | ||
| IBM | QRadar Deployment Intelligence App | IBM QRadar Deployment Intelligence App versions antérieures à 3.0.12 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.2.x.x antérieures à 6.2.0.7.iFix005 | ||
| IBM | QRadar | IBM SOAR QRadar Plugin App versions antérieures à 5.3.1 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.0.x.x antérieures à 6.0.0.2.iFix159 | ||
| IBM | Storage Protect | IBM Storage Protect Plus vSnap versions 10.1.x antérieures à 10.1.15.3 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Unix versions 6.1.x.x antérieures à 6.1.0.4.iFix099 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.2.iFix005",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.12",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.7.iFix005",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.0.x.x ant\u00e9rieures \u00e0 6.0.0.2.iFix159",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Plus vSnap versions 10.1.x ant\u00e9rieures \u00e0 10.1.15.3",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Unix versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.4.iFix099",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38020"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2023-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38019"
},
{
"name": "CVE-2023-47148",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47148"
},
{
"name": "CVE-2023-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38263"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111880 du 24 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7111880"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111720 du 22 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7111720"
}
],
"reference": "CERTFR-2024-AVI-0074",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111720 du 24 janvier 2024",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7096482 du 22 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7096482"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111880 du 25 janvier 2024",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7111679 du 24 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7111679"
}
]
}
CERTFR-2024-AVI-0015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | N/A | Splunk User Behavior Analytics (UBA) versions antérieures à 5.2.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Security (ES) versions antérieures à 7.1.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk User Behavior Analytics (UBA) versions ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Security (ES) versions ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2021-23446",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23446"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-32695",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32695"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2024-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22164"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2024-22165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22165"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0103 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0104 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0104"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0102 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0101 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0101"
}
]
}
CERTFR-2024-AVI-0086
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Juniper. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics - Log Collector versions antérieures à v1.8.4 | ||
| Juniper Networks | Secure Analytics | Secure Analytics - Deployment Intelligence App versions antérieures à 3.0.12 | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP7 | ||
| Juniper Networks | Secure Analytics | Secure Analytics - User Behavior Analytics Application add-on versions antérieures à 4.1.14 | ||
| Juniper Networks | Secure Analytics | Secure Analytics - SOAR Plugin App versions antérieures à 5.3.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics - Log Collector versions ant\u00e9rieures \u00e0 v1.8.4",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics - Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.12",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP7",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics - User Behavior Analytics Application add-on versions ant\u00e9rieures \u00e0 4.1.14",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics - SOAR Plugin App versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38020"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38019"
},
{
"name": "CVE-2023-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38263"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0086",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA76715 du 1 f\u00e9vrier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-7-5-0-UP7-IF04?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA76718 du 1 f\u00e9vrier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-JSA-Applications?language=en_US"
}
]
}
CERTFR-2024-AVI-0086
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Juniper. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics - Log Collector versions antérieures à v1.8.4 | ||
| Juniper Networks | Secure Analytics | Secure Analytics - Deployment Intelligence App versions antérieures à 3.0.12 | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP7 | ||
| Juniper Networks | Secure Analytics | Secure Analytics - User Behavior Analytics Application add-on versions antérieures à 4.1.14 | ||
| Juniper Networks | Secure Analytics | Secure Analytics - SOAR Plugin App versions antérieures à 5.3.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics - Log Collector versions ant\u00e9rieures \u00e0 v1.8.4",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics - Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.12",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP7",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics - User Behavior Analytics Application add-on versions ant\u00e9rieures \u00e0 4.1.14",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics - SOAR Plugin App versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38020"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38019"
},
{
"name": "CVE-2023-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38263"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0086",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA76715 du 1 f\u00e9vrier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-7-5-0-UP7-IF04?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA76718 du 1 f\u00e9vrier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-JSA-Applications?language=en_US"
}
]
}
CERTFR-2024-AVI-0010
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM OS Image pour AIX Systems versions antérieures à AIX 7.2 TL5 SP6 sur Cloud Pak System versions antérieures à V2.3.3.7 Interim Fix 01 | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.4.0 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM OS Image pour AIX Systems versions ant\u00e9rieures \u00e0 AIX 7.2 TL5 SP6 sur Cloud Pak System versions ant\u00e9rieures \u00e0 V2.3.3.7 Interim Fix 01",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.4.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-43646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43646"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2017-15708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15708"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105215 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105138 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7104447 du 02 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7104447"
}
]
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
CERTFR-2024-AVI-0010
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM OS Image pour AIX Systems versions antérieures à AIX 7.2 TL5 SP6 sur Cloud Pak System versions antérieures à V2.3.3.7 Interim Fix 01 | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions antérieures à v4.8 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.4.0 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM OS Image pour AIX Systems versions ant\u00e9rieures \u00e0 AIX 7.2 TL5 SP6 sur Cloud Pak System versions ant\u00e9rieures \u00e0 V2.3.3.7 Interim Fix 01",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.4.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-43646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43646"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2017-15708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15708"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105215 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7105138 du 03 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7105138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7104447 du 02 janvier 2024",
"url": "https://www.ibm.com/support/pages/node/7104447"
}
]
}
CERTFR-2024-AVI-0630
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Network Packet Capture versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 Update Package 8",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2021-23436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23436"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2020-28477",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28477"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43441"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2021-24033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24033"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-31905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31905"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2018-16487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16487"
},
{
"name": "CVE-2021-42740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42740"
},
{
"name": "CVE-2016-10538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10538"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2021-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3757"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": "2024-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161462",
"url": "https://www.ibm.com/support/pages/node/7161462"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160961",
"url": "https://www.ibm.com/support/pages/node/7160961"
},
{
"published_at": "2024-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160858",
"url": "https://www.ibm.com/support/pages/node/7160858"
}
]
}
CERTFR-2024-AVI-0015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | N/A | Splunk User Behavior Analytics (UBA) versions antérieures à 5.2.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Security (ES) versions antérieures à 7.1.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk User Behavior Analytics (UBA) versions ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Security (ES) versions ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2021-23446",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23446"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-32695",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32695"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2024-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22164"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2024-22165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22165"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0103 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0104 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0104"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0102 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0101 du 09 janvier 2024",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0101"
}
]
}
OPENSUSE-SU-2025:14663-1
Vulnerability from csaf_opensuse - Published: 2025-01-17 00:00 - Updated: 2025-01-17 00:00Summary
velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media
Notes
Title of the patch
velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media
Description of the patch
These are all security issues fixed in the velociraptor-0.7.0.4.git142.862ef23-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14663
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git142.862ef23-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14663",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14663-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14663-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14663-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1732 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45133 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45683 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46234 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21538 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23331 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24786 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31207 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-37298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-37298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42459 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42460 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42461 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45296 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45811 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-51744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-51744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-55565 page",
"url": "https://www.suse.com/security/cve/CVE-2024-55565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
}
],
"title": "velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-17T00:00:00Z",
"generator": {
"date": "2025-01-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14663-1",
"initial_release_date": "2025-01-17T00:00:00Z",
"revision_history": [
{
"date": "2025-01-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1732"
}
],
"notes": [
{
"category": "general",
"text": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1732",
"url": "https://www.suse.com/security/cve/CVE-2023-1732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-1732"
},
{
"cve": "CVE-2023-44270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44270"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44270",
"url": "https://www.suse.com/security/cve/CVE-2023-44270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-44270"
},
{
"cve": "CVE-2023-45133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"notes": [
{
"category": "general",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45133",
"url": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2023-45683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45683"
}
],
"notes": [
{
"category": "general",
"text": "github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim\u0027s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45683",
"url": "https://www.suse.com/security/cve/CVE-2023-45683"
},
{
"category": "external",
"summary": "SUSE Bug 1216308 for CVE-2023-45683",
"url": "https://bugzilla.suse.com/1216308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-45683"
},
{
"cve": "CVE-2023-46234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46234"
}
],
"notes": [
{
"category": "general",
"text": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46234",
"url": "https://www.suse.com/security/cve/CVE-2023-46234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2024-21538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21538"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21538",
"url": "https://www.suse.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "SUSE Bug 1233843 for CVE-2024-21538",
"url": "https://bugzilla.suse.com/1233843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-23331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23331"
}
],
"notes": [
{
"category": "general",
"text": "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn\u0027t discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23331",
"url": "https://www.suse.com/security/cve/CVE-2024-23331"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-23331"
},
{
"cve": "CVE-2024-24786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24786"
}
],
"notes": [
{
"category": "general",
"text": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24786",
"url": "https://www.suse.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "SUSE Bug 1226136 for CVE-2024-24786",
"url": "https://bugzilla.suse.com/1226136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-31207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31207"
}
],
"notes": [
{
"category": "general",
"text": "Vite (French word for \"quick\", pronounced /vit/, like \"veet\") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31207",
"url": "https://www.suse.com/security/cve/CVE-2024-31207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-31207"
},
{
"cve": "CVE-2024-37298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-37298"
}
],
"notes": [
{
"category": "general",
"text": "gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-37298",
"url": "https://www.suse.com/security/cve/CVE-2024-37298"
},
{
"category": "external",
"summary": "SUSE Bug 1227309 for CVE-2024-37298",
"url": "https://bugzilla.suse.com/1227309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-37298"
},
{
"cve": "CVE-2024-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4067"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4067",
"url": "https://www.suse.com/security/cve/CVE-2024-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1224255 for CVE-2024-4067",
"url": "https://bugzilla.suse.com/1224255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4067"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-42459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42459"
}
],
"notes": [
{
"category": "general",
"text": "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42459",
"url": "https://www.suse.com/security/cve/CVE-2024-42459"
},
{
"category": "external",
"summary": "SUSE Bug 1232538 for CVE-2024-42459",
"url": "https://bugzilla.suse.com/1232538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-42459"
},
{
"cve": "CVE-2024-42460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42460"
}
],
"notes": [
{
"category": "general",
"text": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42460",
"url": "https://www.suse.com/security/cve/CVE-2024-42460"
},
{
"category": "external",
"summary": "SUSE Bug 1232538 for CVE-2024-42460",
"url": "https://bugzilla.suse.com/1232538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-42460"
},
{
"cve": "CVE-2024-42461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42461"
}
],
"notes": [
{
"category": "general",
"text": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42461",
"url": "https://www.suse.com/security/cve/CVE-2024-42461"
},
{
"category": "external",
"summary": "SUSE Bug 1232538 for CVE-2024-42461",
"url": "https://bugzilla.suse.com/1232538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-42461"
},
{
"cve": "CVE-2024-45296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45296"
}
],
"notes": [
{
"category": "general",
"text": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45296",
"url": "https://www.suse.com/security/cve/CVE-2024-45296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2024-45811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45811"
}
],
"notes": [
{
"category": "general",
"text": "Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45811",
"url": "https://www.suse.com/security/cve/CVE-2024-45811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45811"
},
{
"cve": "CVE-2024-45812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45812"
}
],
"notes": [
{
"category": "general",
"text": "Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser\u0027s named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45812",
"url": "https://www.suse.com/security/cve/CVE-2024-45812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45812"
},
{
"cve": "CVE-2024-47068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47068"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47068",
"url": "https://www.suse.com/security/cve/CVE-2024-47068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47068"
},
{
"cve": "CVE-2024-47875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47875"
}
],
"notes": [
{
"category": "general",
"text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47875",
"url": "https://www.suse.com/security/cve/CVE-2024-47875"
},
{
"category": "external",
"summary": "SUSE Bug 1231571 for CVE-2024-47875",
"url": "https://bugzilla.suse.com/1231571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-48948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48948"
}
],
"notes": [
{
"category": "general",
"text": "The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve\u0027s base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48948",
"url": "https://www.suse.com/security/cve/CVE-2024-48948"
},
{
"category": "external",
"summary": "SUSE Bug 1231681 for CVE-2024-48948",
"url": "https://bugzilla.suse.com/1231681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48949"
}
],
"notes": [
{
"category": "general",
"text": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48949",
"url": "https://www.suse.com/security/cve/CVE-2024-48949"
},
{
"category": "external",
"summary": "SUSE Bug 1231557 for CVE-2024-48949",
"url": "https://bugzilla.suse.com/1231557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-48949"
},
{
"cve": "CVE-2024-51744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-51744"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-51744",
"url": "https://www.suse.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "SUSE Bug 1232936 for CVE-2024-51744",
"url": "https://bugzilla.suse.com/1232936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2024-51744"
},
{
"cve": "CVE-2024-55565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-55565"
}
],
"notes": [
{
"category": "general",
"text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-55565",
"url": "https://www.suse.com/security/cve/CVE-2024-55565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
}
]
}
OPENSUSE-SU-2024:13360-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
teleport-14.1.1-1.1 on GA media
Notes
Title of the patch
teleport-14.1.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the teleport-14.1.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13360
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "teleport-14.1.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the teleport-14.1.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13360",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13360-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45133 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
}
],
"title": "teleport-14.1.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13360-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-14.1.1-1.1.aarch64",
"product_id": "teleport-14.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-tbot-14.1.1-1.1.aarch64",
"product_id": "teleport-tbot-14.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-tctl-14.1.1-1.1.aarch64",
"product_id": "teleport-tctl-14.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.aarch64",
"product": {
"name": "teleport-tsh-14.1.1-1.1.aarch64",
"product_id": "teleport-tsh-14.1.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-14.1.1-1.1.ppc64le",
"product_id": "teleport-14.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-tbot-14.1.1-1.1.ppc64le",
"product_id": "teleport-tbot-14.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-tctl-14.1.1-1.1.ppc64le",
"product_id": "teleport-tctl-14.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.ppc64le",
"product": {
"name": "teleport-tsh-14.1.1-1.1.ppc64le",
"product_id": "teleport-tsh-14.1.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.s390x",
"product": {
"name": "teleport-14.1.1-1.1.s390x",
"product_id": "teleport-14.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.s390x",
"product": {
"name": "teleport-tbot-14.1.1-1.1.s390x",
"product_id": "teleport-tbot-14.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.s390x",
"product": {
"name": "teleport-tctl-14.1.1-1.1.s390x",
"product_id": "teleport-tctl-14.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.s390x",
"product": {
"name": "teleport-tsh-14.1.1-1.1.s390x",
"product_id": "teleport-tsh-14.1.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-14.1.1-1.1.x86_64",
"product_id": "teleport-14.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-tbot-14.1.1-1.1.x86_64",
"product_id": "teleport-tbot-14.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-tctl-14.1.1-1.1.x86_64",
"product_id": "teleport-tctl-14.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-14.1.1-1.1.x86_64",
"product": {
"name": "teleport-tsh-14.1.1-1.1.x86_64",
"product_id": "teleport-tsh-14.1.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x"
},
"product_reference": "teleport-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-tbot-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-tbot-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x"
},
"product_reference": "teleport-tbot-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-tbot-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-tctl-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-tctl-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x"
},
"product_reference": "teleport-tctl-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-tctl-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64"
},
"product_reference": "teleport-tsh-14.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le"
},
"product_reference": "teleport-tsh-14.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x"
},
"product_reference": "teleport-tsh-14.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-14.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
},
"product_reference": "teleport-tsh-14.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"notes": [
{
"category": "general",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45133",
"url": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-14.1.1-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-14.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
}
]
}
FKIE_CVE-2023-45133
Vulnerability from fkie_nvd - Published: 2023-10-12 17:15 - Updated: 2024-11-21 08:26
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| babeljs | babel | * | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel | 8.0.0 | |
| babeljs | babel-helper-define-polyfill-provider | * | |
| babeljs | babel-plugin-polyfill-corejs2 | * | |
| babeljs | babel-plugin-polyfill-corejs3 | * | |
| babeljs | babel-plugin-polyfill-es-shims | * | |
| babeljs | babel-plugin-polyfill-regenerator | * | |
| babeljs | babel-plugin-transform-runtime | * | |
| babeljs | babel-preset-env | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "C20217DD-2967-42B5-A20D-3B7978DEC2D3",
"versionEndExcluding": "7.23.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*",
"matchCriteriaId": "3359A5D4-32F2-4128-8E6D-58C556FE5D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*",
"matchCriteriaId": "B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*",
"matchCriteriaId": "0214C42F-5EB9-410E-AB7E-206A5243FEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*",
"matchCriteriaId": "9E8907AD-4095-4579-BF92-AED3416ADA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "EA4E050F-1B8B-44F6-AA89-6457C7CC074F",
"versionEndExcluding": "0.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "AE6CEB01-B369-401F-9103-4BBB2FDA267A",
"versionEndExcluding": "0.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "3E9E5F4A-2CF4-483A-81F9-055E06913969",
"versionEndExcluding": "0.8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "B9101BDF-A1D8-4CE4-94F3-B7D986548C7E",
"versionEndExcluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "9350BCA6-00A4-4581-BC2B-A5077923E354",
"versionEndExcluding": "0.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "F42788D8-5501-4FC1-828E-D487A4895986",
"versionEndExcluding": "7.23.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*",
"matchCriteriaId": "90EF976D-050D-4478-9A6E-D694E7451BAA",
"versionEndExcluding": "7.23.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
},
{
"lang": "es",
"value": "Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \"proveedor de polyfill\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
],
"id": "CVE-2023-45133",
"lastModified": "2024-11-21T08:26:24.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-12T17:15:09.797",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-184"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SSA-682326
Vulnerability from csaf_siemens - Published: 2025-11-11 00:00 - Updated: 2025-11-11 00:00Summary
SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5
Notes
Summary
COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration.
Siemens has released a new version for COMOS and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration. \n\nSiemens has released a new version for COMOS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-682326.html"
},
{
"category": "self",
"summary": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-682326.json"
}
],
"title": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5",
"tracking": {
"current_release_date": "2025-11-11T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-682326",
"initial_release_date": "2025-11-11T00:00:00Z",
"revision_history": [
{
"date": "2025-11-11T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.4.5",
"product": {
"name": "COMOS",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.4.5",
"product": {
"name": "COMOS",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "COMOS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.4.5 or later version",
"product_ids": [
"1"
],
"url": "https://support.sw.siemens.com/product/222981661/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"2"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.4.5 or later version",
"product_ids": [
"2"
],
"url": "https://support.sw.siemens.com/product/222981661/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"2"
]
}
],
"title": "CVE-2024-0056"
}
]
}
ICSA-25-317-15
Vulnerability from csaf_cisa - Published: 2025-11-11 00:00 - Updated: 2025-11-11 00:00Summary
Siemens COMOS
Notes
Summary
COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration.
Siemens has released a new version for COMOS and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-682326 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration. \n\nSiemens has released a new version for COMOS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-682326 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-682326.json"
},
{
"category": "self",
"summary": "SSA-682326: Multiple Vulnerabilities in COMOS before V10.4.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-682326.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-317-15 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-317-15.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-317-15 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-15"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens COMOS",
"tracking": {
"current_release_date": "2025-11-11T00:00:00.000000Z",
"generator": {
"date": "2025-11-13T15:08:52.829524Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-317-15",
"initial_release_date": "2025-11-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-11-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.4.5",
"product": {
"name": "COMOS",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.4.5",
"product": {
"name": "COMOS",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "COMOS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.4.5 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.sw.siemens.com/product/222981661/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.4.5 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/product/222981661/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "CVE-2024-0056"
}
]
}
GHSA-67HX-6X53-JW92
Vulnerability from github – Published: 2023-10-16 13:55 – Updated: 2024-04-04 14:26
VLAI?
Summary
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Details
Impact
Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate()or path.evaluateTruthy() internal Babel methods.
Known affected plugins are:
- @babel/plugin-transform-runtime
- @babel/preset-env when using its useBuiltIns option
- Any "polyfill provider" plugin that depends on @babel/helper-define-polyfill-provider, such as babel-plugin-polyfill-corejs3, babel-plugin-polyfill-corejs2, babel-plugin-polyfill-es-shims, babel-plugin-polyfill-regenerator
No other plugins under the @babel/ namespace are impacted, but third-party plugins might be.
Users that only compile trusted code are not impacted.
Patches
The vulnerability has been fixed in @babel/traverse@7.23.2.
Babel 6 does not receive security fixes anymore (see Babel's security policy), hence there is no patch planned for babel-traverse@6.
Workarounds
- Upgrade
@babel/traverseto v7.23.2 or higher. You can do this by deleting it from your package manager's lockfile and re-installing the dependencies.@babel/core>=7.23.2 will automatically pull in a non-vulnerable version. - If you cannot upgrade
@babel/traverseand are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected@babel/traverseversions: @babel/plugin-transform-runtimev7.23.2@babel/preset-envv7.23.2@babel/helper-define-polyfill-providerv0.4.3babel-plugin-polyfill-corejs2v0.4.6babel-plugin-polyfill-corejs3v0.8.5babel-plugin-polyfill-es-shimsv0.10.0babel-plugin-polyfill-regeneratorv0.5.3
Severity ?
9.3 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@babel/traverse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.23.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@babel/traverse"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0-alpha.0"
},
{
"fixed": "8.0.0-alpha.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 7.23.2"
},
"package": {
"ecosystem": "npm",
"name": "babel-traverse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-45133"
],
"database_specific": {
"cwe_ids": [
"CWE-184",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-16T13:55:36Z",
"nvd_published_at": "2023-10-12T17:15:09Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-runtime`\n- `@babel/preset-env` when using its [`useBuiltIns`](https://babeljs.io/docs/babel-preset-env#usebuiltins) option\n- Any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`\n\nNo other plugins under the `@babel/` namespace are impacted, but third-party plugins might be.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/traverse@7.23.2`.\n\nBabel 6 does not receive security fixes anymore (see [Babel\u0027s security policy](https://github.com/babel/babel/security/policy)), hence there is no patch planned for `babel-traverse@6`.\n\n### Workarounds\n\n- Upgrade `@babel/traverse` to v7.23.2 or higher. You can do this by deleting it from your package manager\u0027s lockfile and re-installing the dependencies. `@babel/core` \u003e=7.23.2 will automatically pull in a non-vulnerable version.\n- If you cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions:\n - `@babel/plugin-transform-runtime` v7.23.2\n - `@babel/preset-env` v7.23.2\n - `@babel/helper-define-polyfill-provider` v0.4.3\n - `babel-plugin-polyfill-corejs2` v0.4.6\n - `babel-plugin-polyfill-corejs3` v0.8.5\n - `babel-plugin-polyfill-es-shims` v0.10.0\n - `babel-plugin-polyfill-regenerator` v0.5.3",
"id": "GHSA-67hx-6x53-jw92",
"modified": "2024-04-04T14:26:10Z",
"published": "2023-10-16T13:55:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45133"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/pull/16033"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"type": "WEB",
"url": "https://babeljs.io/blog/2023/10/16/cve-2023-45133"
},
{
"type": "PACKAGE",
"url": "https://github.com/babel/babel"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"type": "WEB",
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5528"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}
GSD-2023-45133
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45133",
"id": "GSD-2023-45133"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45133"
],
"details": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"id": "GSD-2023-45133",
"modified": "2023-12-13T01:20:38.398768Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "babel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 7.23.2"
},
{
"version_affected": "=",
"version_value": "\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4"
}
]
}
}
]
},
"vendor_name": "babel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-184",
"lang": "eng",
"value": "CWE-184: Incomplete List of Disallowed Inputs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"refsource": "MISC",
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"refsource": "MISC",
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"refsource": "MISC",
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"refsource": "MISC",
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"refsource": "MISC",
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"name": "https://www.debian.org/security/2023/dsa-5528",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
]
},
"source": {
"advisory": "GHSA-67hx-6x53-jw92",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "7.23.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.8.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "0.4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "7.23.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*",
"cpe_name": [],
"versionEndExcluding": "7.23.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45133"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
},
{
"name": "https://github.com/babel/babel/pull/16033",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/babel/babel/pull/16033"
},
{
"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
},
{
"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
},
{
"name": "https://github.com/babel/babel/releases/tag/v7.23.2",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/babel/babel/releases/tag/v7.23.2"
},
{
"name": "https://www.debian.org/security/2023/dsa-5528",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5528"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
},
"lastModifiedDate": "2023-10-24T16:52Z",
"publishedDate": "2023-10-12T17:15Z"
}
}
}
NCSC-2025-0357
Vulnerability from csaf_ncscnl - Published: 2025-11-11 18:14 - Updated: 2025-11-11 18:14Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power en Solid Edge.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (root/admin rechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Verhogen van rechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-125
Out-of-bounds Read
CWE-184
Incomplete List of Disallowed Inputs
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-266
Incorrect Privilege Assignment
CWE-295
Improper Certificate Validation
CWE-306
Missing Authentication for Critical Function
CWE-319
Cleartext Transmission of Sensitive Information
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-420
Unprotected Alternate Channel
CWE-427
Uncontrolled Search Path Element
CWE-648
Incorrect Use of Privileged APIs
CWE-697
Incorrect Comparison
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power en Solid Edge.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Verhogen van rechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Incomplete List of Disallowed Inputs",
"title": "CWE-184"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-201498.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-267056.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-339694.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-514895.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-522291.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-682326.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2025-11-11T18:14:44.487803Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0357",
"initial_release_date": "2025-11-11T18:14:44.487803Z",
"revision_history": [
{
"date": "2025-11-11T18:14:44.487803Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Altair Grid Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "COMOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "INTRALOG WMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "JT2Go (Application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "LOGO! 12/24RCE (6ED1052-1MD08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "LOGO! 230RCE (6ED1052-1FB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "LOGO! 230RCEo (6ED1052-2FB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "LOGO! 24CE (6ED1052-1CC08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "LOGO! 24CEo (6ED1052-2CC08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "LOGO! 24RCE (6ED1052-1HB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "LOGO! 24RCEo (6ED1052-2HB08-0BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "POWER METER SICAM Q200 family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Power Meter Sicam Q100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Power Meter Sicam Q200 Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Q200 Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "SICAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA00-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA00-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA10-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA10-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA30-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8500-0AA30-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA01-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA01-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA02-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA02-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA11-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA11-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA12-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA12-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-37"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA31-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-38"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA31-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-39"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA32-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-40"
}
}
],
"category": "product_name",
"name": "SICAM P850 (7KG8501-0AA32-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-41"
}
}
],
"category": "product_name",
"name": "SICAM P850 Firmware (OS)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-42"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA00-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-43"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA00-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-44"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA10-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-45"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA10-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-46"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA30-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-47"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8550-0AA30-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-48"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA01-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-49"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA01-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-50"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA02-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-51"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA02-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-52"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA11-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-53"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA11-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-54"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA12-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-55"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA12-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-56"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA31-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-57"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA31-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-58"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA32-0AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-59"
}
}
],
"category": "product_name",
"name": "SICAM P855 (7KG8551-0AA32-2AA0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-60"
}
}
],
"category": "product_name",
"name": "SICAM P855 Firmware (OS)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-61"
}
}
],
"category": "product_name",
"name": "SIDIS Prime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-62"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-63"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-64"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-65"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-66"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-67"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-68"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-69"
}
}
],
"category": "product_name",
"name": "SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-70"
}
}
],
"category": "product_name",
"name": "Sidis Prime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-71"
}
}
],
"category": "product_name",
"name": "Siemens SICAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-72"
}
}
],
"category": "product_name",
"name": "Siemens Software Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-73"
}
}
],
"category": "product_name",
"name": "Siveillance Video"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-74"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2022 R1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-75"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2022 R2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-76"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2022 R3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-77"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2023 R1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-78"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2023 R2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-79"
}
}
],
"category": "product_name",
"name": "Siveillance Video 2023 R3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-80"
}
}
],
"category": "product_name",
"name": "Solid Edge SE2025"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-81"
}
}
],
"category": "product_name",
"name": "Spectrum Power 4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-82"
}
}
],
"category": "product_name",
"name": "Teamcenter Visualization"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-83"
}
}
],
"category": "product_name",
"name": "q200_firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-84"
}
}
],
"category": "product_name",
"name": "\u200bPower Meter Sicam Q200 Family"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30901",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "description",
"text": "A vulnerability in all versions of POWER METER SICAM Q100 prior to V2.60 allows Cross-Site Request Forgery attacks via the web interface, enabling unauthorized actions through deceptive links clicked by authenticated users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-30901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2023-30901"
},
{
"cve": "CVE-2023-31238",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "All versions of POWER METER SICAM Q100 prior to V2.60 are vulnerable due to the lack of cookie protection flags, allowing attackers to impersonate legitimate users via session token access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-31238 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-31238.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2023-31238"
},
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "other",
"text": "Incomplete List of Disallowed Inputs",
"title": "CWE-184"
},
{
"category": "other",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "description",
"text": "Babel and Splunk Enterprise have multiple vulnerabilities allowing arbitrary code execution, with Babel\u0027s flaws in specific methods and Splunk\u0027s third-party component errors posing significant risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-45133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-420",
"name": "Unprotected Alternate Channel"
},
"notes": [
{
"category": "other",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "description",
"text": "Siemens and Microsoft have addressed multiple vulnerabilities across various products, including COMOS, .NET Framework, and SQL Data Providers, which could enable significant security breaches and data exposure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0056 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-0056.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-0056"
},
{
"cve": "CVE-2024-32008",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"notes": [
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "The application contains a local privilege escalation vulnerability due to an exposed debug interface, allowing local users to execute code with administrative privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32008 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32008.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32008"
},
{
"cve": "CVE-2024-32009",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"notes": [
{
"category": "other",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
},
{
"category": "description",
"text": "The application contains a local privilege escalation vulnerability due to improper permissions on a binary, allowing local attackers to gain administrative privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32009"
},
{
"cve": "CVE-2024-32010",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "The application contains a vulnerability that exposes database credentials through a publicly accessible file, allowing attackers to connect as privileged users and execute system commands.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32010 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32010.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32010"
},
{
"cve": "CVE-2024-32011",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "description",
"text": "The application contains a vulnerability that permits arbitrary command execution via its user interface, which is accessible over the network and operates with administrative privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32011"
},
{
"cve": "CVE-2024-32014",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "The application contains a vulnerability that allows an attacker to alter the local database of application credentials, potentially leading to unauthorized administrative access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2024-32014"
},
{
"cve": "CVE-2025-2884",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in various HPE servers and the TCG TPM2.0 Reference implementation, including Out-of-Bounds read issues and local denial of service exploits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-2884 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-2884.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-2884"
},
{
"cve": "CVE-2025-40744",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Affected applications exhibit inadequate validation of client certificates for the License Service endpoint, which may allow remote attackers to perform man-in-the-middle attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40744 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40744.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40744"
},
{
"cve": "CVE-2025-40760",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "The affected products inadequately handle error messages, potentially exposing sensitive password hash information during user authentication, which could allow local attackers to extract and brute-force privileged account passwords.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40760 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40760.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40760"
},
{
"cve": "CVE-2025-40763",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "description",
"text": "The document outlines a vulnerability in specific products that inadequately validate environment variables during shared library loading, enabling local attackers to execute arbitrary code with superuser privileges via path hijacking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40763 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40763"
},
{
"cve": "CVE-2025-40815",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "Devices with vulnerabilities in TCP packet structure validation may allow attackers to exploit buffer overflows and execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40815 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40815.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40815"
},
{
"cve": "CVE-2025-40816",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "Affected devices lack necessary validations, allowing unauthenticated remote attackers to change the device\u0027s IP address, making it unreachable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40816 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40816"
},
{
"cve": "CVE-2025-40817",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "Affected devices lack necessary validations, allowing unauthenticated remote attackers to alter the device\u0027s time, which may lead to unintended operational behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40817"
},
{
"cve": "CVE-2025-40827",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "description",
"text": "The application is vulnerable to DLL hijacking, allowing attackers to execute arbitrary code by placing a malicious DLL file on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40827 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36",
"CSAFPID-37",
"CSAFPID-38",
"CSAFPID-39",
"CSAFPID-40",
"CSAFPID-41",
"CSAFPID-42",
"CSAFPID-43",
"CSAFPID-44",
"CSAFPID-45",
"CSAFPID-46",
"CSAFPID-47",
"CSAFPID-48",
"CSAFPID-49",
"CSAFPID-50",
"CSAFPID-51",
"CSAFPID-52",
"CSAFPID-53",
"CSAFPID-54",
"CSAFPID-55",
"CSAFPID-56",
"CSAFPID-57",
"CSAFPID-58",
"CSAFPID-59",
"CSAFPID-60",
"CSAFPID-61",
"CSAFPID-62",
"CSAFPID-63",
"CSAFPID-64",
"CSAFPID-65",
"CSAFPID-66",
"CSAFPID-67",
"CSAFPID-68",
"CSAFPID-69",
"CSAFPID-70",
"CSAFPID-71",
"CSAFPID-72",
"CSAFPID-73",
"CSAFPID-74",
"CSAFPID-75",
"CSAFPID-76",
"CSAFPID-77",
"CSAFPID-78",
"CSAFPID-79",
"CSAFPID-80",
"CSAFPID-81",
"CSAFPID-82",
"CSAFPID-83",
"CSAFPID-84"
]
}
],
"title": "CVE-2025-40827"
}
]
}
MSRC_CVE-2023-45133
Vulnerability from csaf_microsoft - Published: 2023-10-01 00:00 - Updated: 2025-09-04 00:00Summary
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45133.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"tracking": {
"current_release_date": "2025-09-04T00:00:04.000Z",
"generator": {
"date": "2025-10-20T00:44:26.411Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-45133",
"initial_release_date": "2023-10-01T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-04T00:00:04.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 babel 2.12.1-1",
"product": {
"name": "azl3 babel 2.12.1-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 babel 2.12.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45133",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45133.json"
}
],
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
}
]
}
WID-SEC-W-2024-0049
Vulnerability from csaf_certbund - Published: 2024-01-09 23:00 - Updated: 2024-07-01 22:00Summary
Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder unbekannte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0049 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0049.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0049 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0049"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0101 vom 2024-01-09",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0101"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0102 vom 2024-01-09",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0102"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0103 vom 2024-01-09",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0103"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0104 vom 2024-01-09",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0104"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0112 vom 2024-01-30",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0112"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
}
],
"source_lang": "en-US",
"title": "Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-01T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:28.208+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0049",
"initial_release_date": "2024-01-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Security \u003c7.3.0",
"product": {
"name": "Splunk Splunk Enterprise Security \u003c7.3.0",
"product_id": "T031923"
}
},
{
"category": "product_version_range",
"name": "Security \u003c7.2.0",
"product": {
"name": "Splunk Splunk Enterprise Security \u003c7.2.0",
"product_id": "T031924"
}
},
{
"category": "product_version_range",
"name": "Security \u003c7.1.2",
"product": {
"name": "Splunk Splunk Enterprise Security \u003c7.1.2",
"product_id": "T031925"
}
},
{
"category": "product_version_range",
"name": "UBA \u003c5.3.0",
"product": {
"name": "Splunk Splunk Enterprise UBA \u003c5.3.0",
"product_id": "T031926"
}
},
{
"category": "product_version_range",
"name": "UBA \u003c5.2.1",
"product": {
"name": "Splunk Splunk Enterprise UBA \u003c5.2.1",
"product_id": "T031927"
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.1",
"product_id": "T033705"
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.4",
"product_id": "T033718"
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.9",
"product_id": "T033720"
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5237",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2015-5237"
},
{
"cve": "CVE-2021-23446",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2021-23446"
},
{
"cve": "CVE-2022-25883",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-25883"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-3509",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-3509"
},
{
"cve": "CVE-2022-3510",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-3510"
},
{
"cve": "CVE-2022-37599",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37601",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37603",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-46175",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2022-46175"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-32695",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-32695"
},
{
"cve": "CVE-2023-45133",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2024-22164",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2024-22164"
},
{
"cve": "CVE-2024-22165",
"notes": [
{
"category": "description",
"text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033720",
"T033718",
"T033705"
]
},
"release_date": "2024-01-09T23:00:00.000+00:00",
"title": "CVE-2024-22165"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…