Vulnerability-Lookup

CVE-2023-48795 (GCVE-0-2023-48795)

Vulnerability from cvelistv5 – Published: 2023-12-18 00:00 – Updated: 2026-05-12 11:02

Summary

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-354 - Improper Validation of Integrity Check Value

Assigner

mitre

References

139 references

URL	Tags
https://www.chiark.greenend.org.uk/~sgtatham/putt…
https://matt.ucc.asn.au/dropbear/CHANGES
https://github.com/proftpd/proftpd/blob/master/RE…
https://www.netsarang.com/en/xshell-update-history/
https://www.paramiko.org/changelog.html
https://www.openssh.com/openbsd.html
https://github.com/openssh/openssh-portable/commi…
https://groups.google.com/g/golang-announce/c/-n5…
https://www.bitvise.com/ssh-server-version-history
https://github.com/ronf/asyncssh/tags
https://gitlab.com/libssh/libssh-mirror/-/tags
https://www.reddit.com/r/sysadmin/comments/18idv5…
https://github.com/erlang/otp/blob/d1b43dc0f1361d…
https://www.openssh.com/txt/release-9.6
https://jadaptive.com/important-java-ssh-security…
https://www.terrapin-attack.com
https://github.com/mkj/dropbear/blob/17657c36cce6…
https://github.com/ronf/asyncssh/blob/develop/doc…
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/TeraTermProject/teraterm/commi…
https://www.openwall.com/lists/oss-security/2023/…
https://twitter.com/TrueSkrillor/status/173677438…
https://github.com/golang/crypto/commit/9d2ee975e…
https://github.com/paramiko/paramiko/issues/2337
https://groups.google.com/g/golang-announce/c/qA3…
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
http://www.openwall.com/lists/oss-security/2023/12/18/3	mailing-list
https://github.com/mwiede/jsch/issues/457
https://git.libssh.org/projects/libssh.git/commit…
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://security-tracker.debian.org/tracker/sourc…
https://security-tracker.debian.org/tracker/sourc…
https://security-tracker.debian.org/tracker/CVE-2…
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugs.gentoo.org/920280
https://ubuntu.com/security/CVE-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-…
https://access.redhat.com/security/cve/cve-2023-48795
https://github.com/mwiede/jsch/pull/461
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/libssh2/libssh2/pull/1291
https://forum.netgate.com/topic/184941/terrapin-s…
https://github.com/jtesta/ssh-audit/commit/8e972c…
https://github.com/rapier1/hpn-ssh/releases
https://github.com/proftpd/proftpd/issues/456
https://github.com/TeraTermProject/teraterm/relea…
https://github.com/mwiede/jsch/compare/jsch-0.2.1…
https://oryx-embedded.com/download/#changelog
https://www.crushftp.com/crush10wiki/Wiki.jsp?pag…
https://github.com/connectbot/sshlib/compare/2.2.…
https://github.com/connectbot/sshlib/commit/5c8b5…
https://github.com/mscdex/ssh2/commit/97b223f8891…
https://nest.pijul.com/pijul/thrussh/changes/D6H7…
https://crates.io/crates/thrussh/versions
https://github.com/NixOS/nixpkgs/pull/275249
http://www.openwall.com/lists/oss-security/2023/12/19/5	mailing-list
https://www.freebsd.org/security/advisories/FreeB…
https://arstechnica.com/security/2023/12/hackers-…
http://www.openwall.com/lists/oss-security/2023/12/20/3	mailing-list
http://packetstormsecurity.com/files/176280/Terra…
https://github.com/proftpd/proftpd/blob/d21e7a2e4…
https://github.com/proftpd/proftpd/blob/0a7ea9b0b…
https://github.com/apache/mina-sshd/issues/445
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://www.openwall.com/lists/oss-security/2023/…
https://security-tracker.debian.org/tracker/sourc…
https://github.com/net-ssh/net-ssh/blob/2e65064a5…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://www.debian.org/security/2023/dsa-5586	vendor-advisory
https://www.lancom-systems.de/service-support/all…
https://www.theregister.com/2023/12/20/terrapin_a…
https://filezilla-project.org/versions.php
https://nova.app/releases/#v11.8
https://roumenpetrov.info/secsh/#news20231220
https://www.vandyke.com/products/securecrt/history.txt
https://help.panic.com/releasenotes/transmit5/
https://github.com/PowerShell/Win32-OpenSSH/relea…
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://github.com/cyd01/KiTTY/issues/520
https://www.debian.org/security/2023/dsa-5588	vendor-advisory
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://news.ycombinator.com/item?id=38732005
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202312-16	vendor-advisory
https://security.gentoo.org/glsa/202312-17	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2024010…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SN…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://support.apple.com/kb/HT214084
http://seclists.org/fulldisclosure/2024/Mar/21	mailing-list
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
http://www.openwall.com/lists/oss-security/2024/04/17/8	mailing-list
http://www.openwall.com/lists/oss-security/2024/03/06/3	mailing-list
https://www.vicarius.io/vsociety/posts/cve-2023-4…
https://www.vicarius.io/vsociety/posts/cve-2023-4…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2024…
https://lists.debian.org/debian-lts-announce/2024…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

4 products

Vendor	Product	Version
Siemens	RUGGEDCOM APE1808	Affected: 0 , < * (custom)
Siemens	SIMATIC S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIPLUS S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:05:21.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netsarang.com/en/xshell-update-history/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.paramiko.org/changelog.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssh.com/openbsd.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/commits/master"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bitvise.com/ssh-server-version-history"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ronf/asyncssh/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssh.com/txt/release-9.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.terrapin-attack.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/paramiko/paramiko/issues/2337"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=38684904"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=38685286"
          },
          {
            "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mwiede/jsch/issues/457"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/920280"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2023-48795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2023-48795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mwiede/jsch/pull/461"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libssh2/libssh2/pull/1291"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rapier1/hpn-ssh/releases"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/issues/456"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://oryx-embedded.com/download/#changelog"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crates.io/crates/thrussh/versions"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/NixOS/nixpkgs/pull/275249"
          },
          {
            "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
          },
          {
            "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/mina-sshd/issues/445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/hierynomus/sshj/issues/916"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/janmojzis/tinyssh/issues/81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
          },
          {
            "name": "FEDORA-2023-0733306be9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
          },
          {
            "name": "DSA-5586",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5586"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://filezilla-project.org/versions.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nova.app/releases/#v11.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://roumenpetrov.info/secsh/#news20231220"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vandyke.com/products/securecrt/history.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://help.panic.com/releasenotes/transmit5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://winscp.net/eng/docs/history#6.2.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bitvise.com/ssh-client-version-history#933"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cyd01/KiTTY/issues/520"
          },
          {
            "name": "DSA-5588",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5588"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=38732005"
          },
          {
            "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
          },
          {
            "name": "GLSA-202312-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-16"
          },
          {
            "name": "GLSA-202312-17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-17"
          },
          {
            "name": "FEDORA-2023-20feb865d8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
          },
          {
            "name": "FEDORA-2023-cb8c606fbb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
          },
          {
            "name": "FEDORA-2023-e77300e4b5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
          },
          {
            "name": "FEDORA-2023-b87ec6cf47",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
          },
          {
            "name": "FEDORA-2023-153404713b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
          },
          {
            "name": "FEDORA-2024-3bb23c77f3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
          },
          {
            "name": "FEDORA-2023-55800423a8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
          },
          {
            "name": "FEDORA-2024-d946b9ad25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
          },
          {
            "name": "FEDORA-2024-71c2c6526c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
          },
          {
            "name": "FEDORA-2024-39a8c72ea9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
          },
          {
            "name": "FEDORA-2024-ae653fb07b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
          },
          {
            "name": "FEDORA-2024-2705241461",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
          },
          {
            "name": "FEDORA-2024-fb32950d11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
          },
          {
            "name": "FEDORA-2024-7b08207cdb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
          },
          {
            "name": "FEDORA-2024-06ebb70bdd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
          },
          {
            "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
          },
          {
            "name": "FEDORA-2024-a53b24023d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
          },
          {
            "name": "FEDORA-2024-3fd1bc9276",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214084"
          },
          {
            "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
          },
          {
            "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
          },
          {
            "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-48795",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-22T05:01:05.519910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-354",
                "description": "CWE-354 Improper Validation of Integrity Check Value",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:45:57.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM APE1808",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:02:25.905Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:06:23.972Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
        },
        {
          "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
        },
        {
          "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
        },
        {
          "url": "https://www.netsarang.com/en/xshell-update-history/"
        },
        {
          "url": "https://www.paramiko.org/changelog.html"
        },
        {
          "url": "https://www.openssh.com/openbsd.html"
        },
        {
          "url": "https://github.com/openssh/openssh-portable/commits/master"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
        },
        {
          "url": "https://www.bitvise.com/ssh-server-version-history"
        },
        {
          "url": "https://github.com/ronf/asyncssh/tags"
        },
        {
          "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
        },
        {
          "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
        },
        {
          "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
        },
        {
          "url": "https://www.openssh.com/txt/release-9.6"
        },
        {
          "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
        },
        {
          "url": "https://www.terrapin-attack.com"
        },
        {
          "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
        },
        {
          "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
        },
        {
          "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
        },
        {
          "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
        },
        {
          "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
        },
        {
          "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
        },
        {
          "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
        },
        {
          "url": "https://github.com/paramiko/paramiko/issues/2337"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
        },
        {
          "url": "https://news.ycombinator.com/item?id=38684904"
        },
        {
          "url": "https://news.ycombinator.com/item?id=38685286"
        },
        {
          "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
        },
        {
          "url": "https://github.com/mwiede/jsch/issues/457"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
        },
        {
          "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
        },
        {
          "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
        },
        {
          "url": "https://bugs.gentoo.org/920280"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2023-48795"
        },
        {
          "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2023-48795"
        },
        {
          "url": "https://github.com/mwiede/jsch/pull/461"
        },
        {
          "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
        },
        {
          "url": "https://github.com/libssh2/libssh2/pull/1291"
        },
        {
          "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
        },
        {
          "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
        },
        {
          "url": "https://github.com/rapier1/hpn-ssh/releases"
        },
        {
          "url": "https://github.com/proftpd/proftpd/issues/456"
        },
        {
          "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
        },
        {
          "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
        },
        {
          "url": "https://oryx-embedded.com/download/#changelog"
        },
        {
          "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
        },
        {
          "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
        },
        {
          "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
        },
        {
          "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
        },
        {
          "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
        },
        {
          "url": "https://crates.io/crates/thrussh/versions"
        },
        {
          "url": "https://github.com/NixOS/nixpkgs/pull/275249"
        },
        {
          "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
        },
        {
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
        },
        {
          "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
        },
        {
          "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
        },
        {
          "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
        },
        {
          "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
        },
        {
          "url": "https://github.com/apache/mina-sshd/issues/445"
        },
        {
          "url": "https://github.com/hierynomus/sshj/issues/916"
        },
        {
          "url": "https://github.com/janmojzis/tinyssh/issues/81"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
        },
        {
          "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
        },
        {
          "name": "FEDORA-2023-0733306be9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
        },
        {
          "name": "DSA-5586",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5586"
        },
        {
          "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
        },
        {
          "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
        },
        {
          "url": "https://filezilla-project.org/versions.php"
        },
        {
          "url": "https://nova.app/releases/#v11.8"
        },
        {
          "url": "https://roumenpetrov.info/secsh/#news20231220"
        },
        {
          "url": "https://www.vandyke.com/products/securecrt/history.txt"
        },
        {
          "url": "https://help.panic.com/releasenotes/transmit5/"
        },
        {
          "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
        },
        {
          "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
        },
        {
          "url": "https://winscp.net/eng/docs/history#6.2.2"
        },
        {
          "url": "https://www.bitvise.com/ssh-client-version-history#933"
        },
        {
          "url": "https://github.com/cyd01/KiTTY/issues/520"
        },
        {
          "name": "DSA-5588",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5588"
        },
        {
          "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
        },
        {
          "url": "https://news.ycombinator.com/item?id=38732005"
        },
        {
          "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
        },
        {
          "name": "GLSA-202312-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202312-16"
        },
        {
          "name": "GLSA-202312-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202312-17"
        },
        {
          "name": "FEDORA-2023-20feb865d8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
        },
        {
          "name": "FEDORA-2023-cb8c606fbb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
        },
        {
          "name": "FEDORA-2023-e77300e4b5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
        },
        {
          "name": "FEDORA-2023-b87ec6cf47",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
        },
        {
          "name": "FEDORA-2023-153404713b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
        },
        {
          "name": "FEDORA-2024-3bb23c77f3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
        },
        {
          "name": "FEDORA-2023-55800423a8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
        },
        {
          "name": "FEDORA-2024-d946b9ad25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
        },
        {
          "name": "FEDORA-2024-71c2c6526c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
        },
        {
          "name": "FEDORA-2024-39a8c72ea9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
        },
        {
          "name": "FEDORA-2024-ae653fb07b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
        },
        {
          "name": "FEDORA-2024-2705241461",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
        },
        {
          "name": "FEDORA-2024-fb32950d11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
        },
        {
          "name": "FEDORA-2024-7b08207cdb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
        },
        {
          "name": "FEDORA-2024-06ebb70bdd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
        },
        {
          "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
        },
        {
          "name": "FEDORA-2024-a53b24023d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
        },
        {
          "name": "FEDORA-2024-3fd1bc9276",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
        },
        {
          "url": "https://support.apple.com/kb/HT214084"
        },
        {
          "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
        },
        {
          "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
        },
        {
          "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
        },
        {
          "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-48795",
    "datePublished": "2023-12-18T00:00:00.000Z",
    "dateReserved": "2023-11-20T00:00:00.000Z",
    "dateUpdated": "2026-05-12T11:02:25.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-48795",
      "date": "2026-06-27",
      "epss": "0.93305",
      "percentile": "0.99822"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.6\", \"matchCriteriaId\": \"5308FBBB-F738-41C5-97A4-E40118E957CD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.80\", \"matchCriteriaId\": \"A9D807DB-9E20-4792-8A9F-4BFFC841BAB7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.66.4\", \"matchCriteriaId\": \"42915485-A4DA-48DD-9C15-415D2D39DC52\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.1.0\", \"matchCriteriaId\": \"9F37C9AC-185F-403A-A79B-2D5C8E11AFC4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.10.4\", \"matchCriteriaId\": \"31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.8\", \"matchCriteriaId\": \"F2FCF7EF-97D7-44CF-AC74-72D856901755\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.4\", \"matchCriteriaId\": \"53CAD263-1C60-43BD-86A2-C8DB15FFB4C6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.2\", \"matchCriteriaId\": \"8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.33\", \"matchCriteriaId\": \"6209E375-10C7-4E65-A2E7-455A686717AC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.32\", \"matchCriteriaId\": \"1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.66.4\", \"matchCriteriaId\": \"3A71B523-0778-46C6-A38B-64452E0BB6E7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"418940E3-6DD1-4AA6-846A-03E059D0C681\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"411BA58A-33B6-44CA-B9D6-7F9042D46961\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA17A153-30E4-4731-8706-8F74FCA50993\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB736F57-9BE3-4457-A10E-FA88D0932154\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.3\", \"matchCriteriaId\": \"6EB8D02D-87F3-414D-A3EA-43F594DAAC1B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.10.6\", \"matchCriteriaId\": \"AAB481DA-FBFE-4CC2-9AE7-22025FA07494\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*\", \"matchCriteriaId\": \"3D6FD459-F8E8-4126-8097-D30B4639404A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\", \"versionEndIncluding\": \"1.11.0\", \"matchCriteriaId\": \"69510F52-C699-4E7D-87EF-7000682888F0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.3.8b\", \"matchCriteriaId\": \"9461430B-3709-45B6-8858-2101F5AE4481\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.4\", \"matchCriteriaId\": \"B9A01DF3-E20E-4F29-B5CF-DDF717D01E74\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.35.1\", \"matchCriteriaId\": \"D25EB73D-6145-4B7D-8F14-80FD0B458E99\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\", \"matchCriteriaId\": \"77594DEC-B5F7-4911-A13D-FFE91C74BAFA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.3.4\", \"matchCriteriaId\": \"F8FF7E74-2351-4CD9-B717-FA28893293A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.6.0\", \"matchCriteriaId\": \"82A93C12-FEB6-4E82-B283-0ED7820D807E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"build__0144\", \"matchCriteriaId\": \"B480AE79-2FA1-4281-9F0D-0DE812B9354D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.0\", \"matchCriteriaId\": \"826B6323-06F8-4B96-8771-3FA15A727B08\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA7EAD12-E398-44AF-9859-F3CA6C63BA6B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0AAA300-691A-4957-8B69-F6888CC971B1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45937289-2D64-47CB-A750-5B4F0D4664A0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E2C021C-A9F0-4EB4-ADED-81D8B57B4563\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C877879-B84B-471C-80CF-0656521CA8AB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"379A5883-F6DF-41F5-9403-8D17F6605737\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5B1D946-5978-4818-BF21-A43D9C1365E1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5A7736-A403-4617-8790-18E46CB74DA6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E0DE4E1-5D8D-40F3-8AC8-C7F736966158\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.17.0\", \"matchCriteriaId\": \"F92E56DF-98DF-4328-B37E-4D5744E4103D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*\", \"versionEndExcluding\": \"0.40.2\", \"matchCriteriaId\": \"AC12508E-3C31-44EA-B4F3-29316BE9B189\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.5.6\", \"matchCriteriaId\": \"1750028C-698D-4E84-B727-8A155A46ADEB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"26.2.1\", \"matchCriteriaId\": \"3A9A8E99-7F4A-4B74-B86B-8B3E8B2A8776\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.2.15\", \"matchCriteriaId\": \"61119DB3-4336-4D3B-863A-0CCF4146E5C1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11.1\", \"matchCriteriaId\": \"7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.14.2\", \"matchCriteriaId\": \"FAE46983-0ABC-49F7-AC18-A78FAC7E73AA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2022.83\", \"matchCriteriaId\": \"06BF3368-F232-4E6B-883E-A591EED5C827\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.1.0-snapshot\", \"matchCriteriaId\": \"36531FB6-5682-4BF1-9785-E9D6D1C4207B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.11\", \"matchCriteriaId\": \"514ED687-0D7B-479B-82C5-7EB1A5EEC94C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.6\", \"matchCriteriaId\": \"83B1AF39-C0B9-4031-B19A-BDDD4F337273\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"23.09.1\", \"matchCriteriaId\": \"2B71B0EF-888E-45E2-A055-F59CDCC1AFC7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.7.2\", \"matchCriteriaId\": \"8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.6.0\", \"matchCriteriaId\": \"C1795F7A-203F-400E-B09C-0FAF16D01CFC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2.22\", \"matchCriteriaId\": \"0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.0\", \"matchCriteriaId\": \"E2D7B0CA-C01F-4296-9425-48299E3889C5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.37.0\", \"matchCriteriaId\": \"1C3EB0B8-9E76-4146-AB02-02E20B91D55C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20230101\", \"matchCriteriaId\": \"0582468A-149B-429F-978A-2AEDF4BE2606\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.76.1.13\", \"matchCriteriaId\": \"98321BF9-5E8F-4836-842C-47713B1C2775\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BDAFDE-4515-42E6-820F-38AF4A786CF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5920923E-0D52-44E5-801D-10B82846ED58\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.4\", \"matchCriteriaId\": \"73160D1F-755B-46D2-969F-DF8E43BB1099\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"}, {\"lang\": \"es\", \"value\": \"El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\\u00f3n de extensi\\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\\u00f3n para la cual algunas caracter\\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\\u00eda haber efectos en Bitvise SSH hasta la versi\\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.\"}]",
      "id": "CVE-2023-48795",
      "lastModified": "2024-12-02T14:54:27.177",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
      "published": "2023-12-18T16:15:10.897",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-354\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-48795\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-12-18T16:15:10.897\",\"lastModified\":\"2026-06-17T06:34:59.200\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"},{\"lang\":\"es\",\"value\":\"El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM APE1808\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2023-12-22T05:01:05.519910Z\",\"id\":\"CVE-2023-48795\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.6\",\"matchCriteriaId\":\"5308FBBB-F738-41C5-97A4-E40118E957CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.80\",\"matchCriteriaId\":\"A9D807DB-9E20-4792-8A9F-4BFFC841BAB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.66.4\",\"matchCriteriaId\":\"42915485-A4DA-48DD-9C15-415D2D39DC52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.4\",\"matchCriteriaId\":\"31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.8\",\"matchCriteriaId\":\"F2FCF7EF-97D7-44CF-AC74-72D856901755\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"53CAD263-1C60-43BD-86A2-C8DB15FFB4C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.2\",\"matchCriteriaId\":\"8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.33\",\"matchCriteriaId\":\"6209E375-10C7-4E65-A2E7-455A686717AC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.32\",\"matchCriteriaId\":\"1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.66.4\",\"matchCriteriaId\":\"3A71B523-0778-46C6-A38B-64452E0BB6E7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"418940E3-6DD1-4AA6-846A-03E059D0C681\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411BA58A-33B6-44CA-B9D6-7F9042D46961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA17A153-30E4-4731-8706-8F74FCA50993\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB736F57-9BE3-4457-A10E-FA88D0932154\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.3\",\"matchCriteriaId\":\"6EB8D02D-87F3-414D-A3EA-43F594DAAC1B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.10.6\",\"matchCriteriaId\":\"AAB481DA-FBFE-4CC2-9AE7-22025FA07494\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"3D6FD459-F8E8-4126-8097-D30B4639404A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"1.11.0\",\"matchCriteriaId\":\"69510F52-C699-4E7D-87EF-7000682888F0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.8b\",\"matchCriteriaId\":\"9461430B-3709-45B6-8858-2101F5AE4481\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"B9A01DF3-E20E-4F29-B5CF-DDF717D01E74\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.35.1\",\"matchCriteriaId\":\"D25EB73D-6145-4B7D-8F14-80FD0B458E99\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"77594DEC-B5F7-4911-A13D-FFE91C74BAFA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"F8FF7E74-2351-4CD9-B717-FA28893293A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.6.0\",\"matchCriteriaId\":\"82A93C12-FEB6-4E82-B283-0ED7820D807E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"build__0144\",\"matchCriteriaId\":\"B480AE79-2FA1-4281-9F0D-0DE812B9354D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.0\",\"matchCriteriaId\":\"826B6323-06F8-4B96-8771-3FA15A727B08\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7EAD12-E398-44AF-9859-F3CA6C63BA6B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E2C021C-A9F0-4EB4-ADED-81D8B57B4563\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"379A5883-F6DF-41F5-9403-8D17F6605737\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B1D946-5978-4818-BF21-A43D9C1365E1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0DE4E1-5D8D-40F3-8AC8-C7F736966158\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"F92E56DF-98DF-4328-B37E-4D5744E4103D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.40.2\",\"matchCriteriaId\":\"AC12508E-3C31-44EA-B4F3-29316BE9B189\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.6\",\"matchCriteriaId\":\"1750028C-698D-4E84-B727-8A155A46ADEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.3.4.27\",\"matchCriteriaId\":\"B38C0997-A8CC-473C-98CF-641FD21EB411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"23.0\",\"versionEndExcluding\":\"23.3.4.20\",\"matchCriteriaId\":\"5887F3E2-9214-4FAE-8768-441D770E27C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"24.0\",\"versionEndExcluding\":\"24.3.4.15\",\"matchCriteriaId\":\"8D7CB988-94C4-45BE-AD9D-9C16899A71DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"25.0\",\"versionEndExcluding\":\"25.3.2.8\",\"matchCriteriaId\":\"EB749F4B-99FC-4AE8-BDB3-85B081B52F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2.1\",\"matchCriteriaId\":\"2380909A-BA9B-4A76-82F2-D2D0EF242E57\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.2.15\",\"matchCriteriaId\":\"61119DB3-4336-4D3B-863A-0CCF4146E5C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.1\",\"matchCriteriaId\":\"7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.14.2\",\"matchCriteriaId\":\"FAE46983-0ABC-49F7-AC18-A78FAC7E73AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2022.83\",\"matchCriteriaId\":\"06BF3368-F232-4E6B-883E-A591EED5C827\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.0-snapshot\",\"matchCriteriaId\":\"36531FB6-5682-4BF1-9785-E9D6D1C4207B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.1.5\",\"matchCriteriaId\":\"A86A51EA-B501-42F8-91E6-4EA97DED767C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.11.1.7\",\"matchCriteriaId\":\"70989970-E224-4D1C-941E-BBFB2AE7285C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.12\",\"versionEndExcluding\":\"4.13.2.4\",\"matchCriteriaId\":\"E7819CE3-2849-4D15-874B-F6A68EF6D65F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14\",\"versionEndExcluding\":\"4.15.3.1\",\"matchCriteriaId\":\"F6A4DD8B-06AD-4F13-8F7E-1E2AAF81C119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.1.1\",\"matchCriteriaId\":\"D91ED5E1-1D75-4B63-B0A2-B2EB6D4AC685\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.6\",\"matchCriteriaId\":\"83B1AF39-C0B9-4031-B19A-BDDD4F337273\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"23.09.1\",\"matchCriteriaId\":\"2B71B0EF-888E-45E2-A055-F59CDCC1AFC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.2\",\"matchCriteriaId\":\"8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.0\",\"matchCriteriaId\":\"C1795F7A-203F-400E-B09C-0FAF16D01CFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.22\",\"matchCriteriaId\":\"0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"E2D7B0CA-C01F-4296-9425-48299E3889C5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.37.0\",\"matchCriteriaId\":\"1C3EB0B8-9E76-4146-AB02-02E20B91D55C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20230101\",\"matchCriteriaId\":\"0582468A-149B-429F-978A-2AEDF4BE2606\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.76.1.13\",\"matchCriteriaId\":\"98321BF9-5E8F-4836-842C-47713B1C2775\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BDAFDE-4515-42E6-820F-38AF4A786CF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5920923E-0D52-44E5-801D-10B82846ED58\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"73160D1F-755B-46D2-969F-DF8E43BB1099\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/18/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/19/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/06/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/17/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://bugs.gentoo.org/920280\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1217950\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://crates.io/crates/thrussh/versions\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://filezilla-project.org/versions.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/275249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/advisories/GHSA-45x7-px36-x8w8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/mina-sshd/issues/445\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cyd01/KiTTY/issues/520\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/hierynomus/sshj/issues/916\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/janmojzis/tinyssh/issues/81\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/1291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\"]},{\"url\":\"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mwiede/jsch/issues/457\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/mwiede/jsch/pull/461\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssh/openssh-portable/commits/master\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/2337\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/456\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rapier1/hpn-ssh/releases\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ssh-mitm/ssh-mitm/issues/165\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/warp-tech/russh/releases/tag/v0.40.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/libssh/libssh-mirror/-/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://help.panic.com/releasenotes/transmit5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://matt.ucc.asn.au/dropbear/CHANGES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://news.ycombinator.com/item?id=38684904\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38685286\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38732005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://nova.app/releases/#v11.8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://oryx-embedded.com/download/#changelog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://roumenpetrov.info/secsh/#news20231220\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/libssh2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-17\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240105-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214084\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/TrueSkrillor/status/1736774389725565005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://winscp.net/eng/docs/history#6.2.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-client-version-history#933\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-server-version-history\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5586\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5588\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netsarang.com/en/xshell-update-history/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/openbsd.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/txt/release-9.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/18/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.terrapin-attack.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vandyke.com/products/securecrt/history.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/18/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/19/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/06/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/17/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://bugs.gentoo.org/920280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1217950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://crates.io/crates/thrussh/versions\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://filezilla-project.org/versions.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/275249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/advisories/GHSA-45x7-px36-x8w8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/mina-sshd/issues/445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cyd01/KiTTY/issues/520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/hierynomus/sshj/issues/916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/janmojzis/tinyssh/issues/81\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/1291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\"]},{\"url\":\"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mwiede/jsch/issues/457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/mwiede/jsch/pull/461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssh/openssh-portable/commits/master\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/2337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rapier1/hpn-ssh/releases\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ssh-mitm/ssh-mitm/issues/165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/warp-tech/russh/releases/tag/v0.40.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/libssh/libssh-mirror/-/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://help.panic.com/releasenotes/transmit5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://matt.ucc.asn.au/dropbear/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://news.ycombinator.com/item?id=38684904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38685286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38732005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://nova.app/releases/#v11.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://oryx-embedded.com/download/#changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://roumenpetrov.info/secsh/#news20231220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/libssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240105-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/TrueSkrillor/status/1736774389725565005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://winscp.net/eng/docs/history#6.2.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-client-version-history#933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-server-version-history\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netsarang.com/en/xshell-update-history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/openbsd.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/txt/release-9.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.terrapin-attack.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vandyke.com/products/securecrt/history.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-364175.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-769027.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-794697.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability\"}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"name\": \"[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"name\": \"[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"name\": \"[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"name\": \"FEDORA-2023-0733306be9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"name\": \"DSA-5586\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"name\": \"DSA-5588\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"name\": \"[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"name\": \"GLSA-202312-16\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"name\": \"GLSA-202312-17\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"name\": \"FEDORA-2023-20feb865d8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"name\": \"FEDORA-2023-cb8c606fbb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"name\": \"FEDORA-2023-e77300e4b5\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"name\": \"FEDORA-2023-b87ec6cf47\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"name\": \"FEDORA-2023-153404713b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"name\": \"FEDORA-2024-3bb23c77f3\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"name\": \"FEDORA-2023-55800423a8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"name\": \"FEDORA-2024-d946b9ad25\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"name\": \"FEDORA-2024-71c2c6526c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"name\": \"FEDORA-2024-39a8c72ea9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"name\": \"FEDORA-2024-ae653fb07b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"name\": \"FEDORA-2024-2705241461\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"name\": \"FEDORA-2024-fb32950d11\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"name\": \"FEDORA-2024-7b08207cdb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"name\": \"FEDORA-2024-06ebb70bdd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"name\": \"FEDORA-2024-a53b24023d\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"name\": \"FEDORA-2024-3fd1bc9276\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"name\": \"20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"name\": \"[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"name\": \"[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"name\": \"[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:05:21.417Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-794697.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-364175.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-769027.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T11:02:25.905Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-22T05:01:05.519910Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-354\", \"description\": \"CWE-354 Improper Validation of Integrity Check Value\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T20:45:13.765Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\"}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\"}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\"}, {\"url\": \"https://www.paramiko.org/changelog.html\"}, {\"url\": \"https://www.openssh.com/openbsd.html\"}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\"}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\"}, {\"url\": \"https://github.com/ronf/asyncssh/tags\"}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\"}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\"}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\"}, {\"url\": \"https://www.openssh.com/txt/release-9.6\"}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\"}, {\"url\": \"https://www.terrapin-attack.com\"}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\"}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\"}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\"}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\"}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\"}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\"}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\"}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\"}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\"}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"name\": \"[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\"}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\"}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\"}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\"}, {\"url\": \"https://bugs.gentoo.org/920280\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\"}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\"}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\"}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\"}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\"}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\"}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\"}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\"}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\"}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\"}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\"}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\"}, {\"url\": \"https://oryx-embedded.com/download/#changelog\"}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\"}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\"}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\"}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\"}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\"}, {\"url\": \"https://crates.io/crates/thrussh/versions\"}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"name\": \"[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\"}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"name\": \"[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\"}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\"}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\"}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\"}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"name\": \"FEDORA-2023-0733306be9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"name\": \"DSA-5586\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\"}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\"}, {\"url\": \"https://filezilla-project.org/versions.php\"}, {\"url\": \"https://nova.app/releases/#v11.8\"}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\"}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\"}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\"}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\"}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\"}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\"}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\"}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"name\": \"DSA-5588\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\"}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"name\": \"[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"name\": \"GLSA-202312-16\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"name\": \"GLSA-202312-17\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"name\": \"FEDORA-2023-20feb865d8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"name\": \"FEDORA-2023-cb8c606fbb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"name\": \"FEDORA-2023-e77300e4b5\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"name\": \"FEDORA-2023-b87ec6cf47\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"name\": \"FEDORA-2023-153404713b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"name\": \"FEDORA-2024-3bb23c77f3\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"name\": \"FEDORA-2023-55800423a8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"name\": \"FEDORA-2024-d946b9ad25\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"name\": \"FEDORA-2024-71c2c6526c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"name\": \"FEDORA-2024-39a8c72ea9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"name\": \"FEDORA-2024-ae653fb07b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"name\": \"FEDORA-2024-2705241461\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"name\": \"FEDORA-2024-fb32950d11\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"name\": \"FEDORA-2024-7b08207cdb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"name\": \"FEDORA-2024-06ebb70bdd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"name\": \"FEDORA-2024-a53b24023d\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"name\": \"FEDORA-2024-3fd1bc9276\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"name\": \"20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"name\": \"[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"name\": \"[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"name\": \"[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-01T18:06:23.972Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-48795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T11:02:25.905Z\", \"dateReserved\": \"2023-11-20T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-12-18T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2024-0578

Vulnerability from csaf_certbund - Published: 2024-03-07 23:00 - Updated: 2025-01-06 23:00

Summary

Apple macOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff: Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme: - MacOS X

CVE-2022-42816

Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2022-48554

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2023-28826

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2023-42853

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2023-48795

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2023-51384

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2023-51385

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-0258

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23201

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23204

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23205

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23216

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23218

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23225

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23226

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23227

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23230

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23231

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23232

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23233

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23234

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23235

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23238

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23239

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23241

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23242

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23244

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23245

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23246

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23247

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23248

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23249

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23250

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23252

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23253

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23254

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23255

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23257

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23258

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23259

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23260

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23263

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23264

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23265

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23266

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23267

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23268

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23269

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23270

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23272

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23273

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23274

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23275

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23276

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23277

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23278

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23279

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23280

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23281

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23283

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23284

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23285

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23286

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23287

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23288

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23289

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23290

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23291

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23292

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23293

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23294

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23296

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

CVE-2024-23299

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.4 Apple / macOS		<14.4
Apple macOS <13.6.5 Apple / macOS		<13.6.5
Apple macOS <12.7.4 Apple / macOS		<12.7.4

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.apple.com/en-us/HT214083	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0578 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0578.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0578 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0578"
      },
      {
        "category": "external",
        "summary": "Apple Security Update vom 2024-03-07",
        "url": "https://support.apple.com/en-us/HT214083"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-06T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-07T09:19:04.754+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-0578",
      "initial_release_date": "2024-03-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-03-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE-2024-23299 erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.7.4",
                "product": {
                  "name": "Apple macOS \u003c12.7.4",
                  "product_id": "T033317"
                }
              },
              {
                "category": "product_version",
                "name": "12.7.4",
                "product": {
                  "name": "Apple macOS 12.7.4",
                  "product_id": "T033317-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:12.7.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.4",
                "product": {
                  "name": "Apple macOS \u003c14.4",
                  "product_id": "T033318"
                }
              },
              {
                "category": "product_version",
                "name": "14.4",
                "product": {
                  "name": "Apple macOS 14.4",
                  "product_id": "T033318-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:14.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.6.5",
                "product": {
                  "name": "Apple macOS \u003c13.6.5",
                  "product_id": "T033319"
                }
              },
              {
                "category": "product_version",
                "name": "13.6.5",
                "product": {
                  "name": "Apple macOS 13.6.5",
                  "product_id": "T033319-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:13.6.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42816",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2022-42816"
    },
    {
      "cve": "CVE-2022-48554",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2022-48554"
    },
    {
      "cve": "CVE-2023-28826",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2023-28826"
    },
    {
      "cve": "CVE-2023-42853",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2023-42853"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-51384",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2023-51384"
    },
    {
      "cve": "CVE-2023-51385",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2023-51385"
    },
    {
      "cve": "CVE-2024-0258",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-0258"
    },
    {
      "cve": "CVE-2024-23201",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23201"
    },
    {
      "cve": "CVE-2024-23204",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23204"
    },
    {
      "cve": "CVE-2024-23205",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23205"
    },
    {
      "cve": "CVE-2024-23216",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23216"
    },
    {
      "cve": "CVE-2024-23218",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23218"
    },
    {
      "cve": "CVE-2024-23225",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23225"
    },
    {
      "cve": "CVE-2024-23226",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23226"
    },
    {
      "cve": "CVE-2024-23227",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23227"
    },
    {
      "cve": "CVE-2024-23230",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23230"
    },
    {
      "cve": "CVE-2024-23231",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23231"
    },
    {
      "cve": "CVE-2024-23232",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23232"
    },
    {
      "cve": "CVE-2024-23233",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23233"
    },
    {
      "cve": "CVE-2024-23234",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23234"
    },
    {
      "cve": "CVE-2024-23235",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23235"
    },
    {
      "cve": "CVE-2024-23238",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23238"
    },
    {
      "cve": "CVE-2024-23239",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23239"
    },
    {
      "cve": "CVE-2024-23241",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23241"
    },
    {
      "cve": "CVE-2024-23242",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23242"
    },
    {
      "cve": "CVE-2024-23244",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23244"
    },
    {
      "cve": "CVE-2024-23245",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23245"
    },
    {
      "cve": "CVE-2024-23246",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23246"
    },
    {
      "cve": "CVE-2024-23247",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23247"
    },
    {
      "cve": "CVE-2024-23248",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23248"
    },
    {
      "cve": "CVE-2024-23249",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23249"
    },
    {
      "cve": "CVE-2024-23250",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23250"
    },
    {
      "cve": "CVE-2024-23252",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23252"
    },
    {
      "cve": "CVE-2024-23253",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23253"
    },
    {
      "cve": "CVE-2024-23254",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23254"
    },
    {
      "cve": "CVE-2024-23255",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23255"
    },
    {
      "cve": "CVE-2024-23257",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23257"
    },
    {
      "cve": "CVE-2024-23258",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23258"
    },
    {
      "cve": "CVE-2024-23259",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23259"
    },
    {
      "cve": "CVE-2024-23260",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23260"
    },
    {
      "cve": "CVE-2024-23263",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23263"
    },
    {
      "cve": "CVE-2024-23264",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23264"
    },
    {
      "cve": "CVE-2024-23265",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23265"
    },
    {
      "cve": "CVE-2024-23266",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23266"
    },
    {
      "cve": "CVE-2024-23267",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23267"
    },
    {
      "cve": "CVE-2024-23268",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23268"
    },
    {
      "cve": "CVE-2024-23269",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23269"
    },
    {
      "cve": "CVE-2024-23270",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23270"
    },
    {
      "cve": "CVE-2024-23272",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23272"
    },
    {
      "cve": "CVE-2024-23273",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23273"
    },
    {
      "cve": "CVE-2024-23274",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23274"
    },
    {
      "cve": "CVE-2024-23275",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23275"
    },
    {
      "cve": "CVE-2024-23276",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23276"
    },
    {
      "cve": "CVE-2024-23277",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23277"
    },
    {
      "cve": "CVE-2024-23278",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23278"
    },
    {
      "cve": "CVE-2024-23279",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23279"
    },
    {
      "cve": "CVE-2024-23280",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23280"
    },
    {
      "cve": "CVE-2024-23281",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23281"
    },
    {
      "cve": "CVE-2024-23283",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23283"
    },
    {
      "cve": "CVE-2024-23284",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23284"
    },
    {
      "cve": "CVE-2024-23285",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23285"
    },
    {
      "cve": "CVE-2024-23286",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23286"
    },
    {
      "cve": "CVE-2024-23287",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23287"
    },
    {
      "cve": "CVE-2024-23288",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23288"
    },
    {
      "cve": "CVE-2024-23289",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23289"
    },
    {
      "cve": "CVE-2024-23290",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23290"
    },
    {
      "cve": "CVE-2024-23291",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23291"
    },
    {
      "cve": "CVE-2024-23292",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23292"
    },
    {
      "cve": "CVE-2024-23293",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23293"
    },
    {
      "cve": "CVE-2024-23294",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23294"
    },
    {
      "cve": "CVE-2024-23296",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23296"
    },
    {
      "cve": "CVE-2024-23299",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungspr\u00fcfung, einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben oder einer unsachgem\u00e4\u00dfen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern oder Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033318",
          "T033319",
          "T033317"
        ]
      },
      "release_date": "2024-03-07T23:00:00.000+00:00",
      "title": "CVE-2024-23299"
    }
  ]
}

WID-SEC-W-2024-0869

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2025-09-10 22:00

Summary

Oracle Communications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Windows

CVE-2022-40152

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2022-40896

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2022-45688

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-2283

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-31122

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-33201

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-34053

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-34055

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-4016

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-41056

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-43496

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-44487

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-45142

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-4641

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-46589

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-47100

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-4863

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-48795

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-49083

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-5072

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-51074

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-51257

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-51775

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-5341

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-5363

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2023-6507

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-1635

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-21626

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-22201

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-22233

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-22257

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-22259

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-25062

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-26130

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

CVE-2024-26308

Affected products

Known affected 21 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	23.2.0
Oracle Communications 14.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0.0.0`	14.0.0.0.0
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	23.3.0
Oracle Communications 23.3.2 Oracle / Communications	`cpe:/a:oracle:communications:23.3.2`	23.3.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Communications 23.4.1 Oracle / Communications	`cpe:/a:oracle:communications:23.4.1`	23.4.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Oracle Communications 24.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0.0.0`	24.1.0.0.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	23.2.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 23.3.1 Oracle / Communications	`cpe:/a:oracle:communications:23.3.1`	23.3.1
Oracle Communications 9.1.1.7.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.7.0`	9.1.1.7.0
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	5
Oracle Communications 23.4.0 Oracle / Communications	`cpe:/a:oracle:communications:23.4.0`	23.4.0
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	23.1.0
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	5.1

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=9.0.2 Oracle / Communications		<=9.0.2
Oracle Communications <=7.2.1.0.0 Oracle / Communications		<=7.2.1.0.0
Oracle Communications <=23.4.2 Oracle / Communications		<=23.4.2

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external
https://access.redhat.com/errata/RHSA-2024:1878	external
https://security.gentoo.org/glsa/202405-01	external
https://access.redhat.com/errata/RHSA-2024:7987	external
https://securitydocs.business.xerox.com/wp-conten…	external
https://linux.oracle.com/errata/ELSA-2025-15608.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0869 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0869 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:1878"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04",
        "url": "https://security.gentoo.org/glsa/202405-01"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10",
        "url": "https://access.redhat.com/errata/RHSA-2024:7987"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-15608 vom 2025-09-11",
        "url": "https://linux.oracle.com/errata/ELSA-2025-15608.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-10T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-11T08:26:12.211+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-0869",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-05T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-10-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-21T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2025-09-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5",
                "product": {
                  "name": "Oracle Communications 5.0",
                  "product_id": "T021645",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.4.0",
                "product": {
                  "name": "Oracle Communications 22.4.0",
                  "product_id": "T024981",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:22.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.1.0",
                "product": {
                  "name": "Oracle Communications 23.1.0",
                  "product_id": "T027326",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.2.0",
                "product": {
                  "name": "Oracle Communications 23.2.0",
                  "product_id": "T028682",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.1",
                "product": {
                  "name": "Oracle Communications 5.1",
                  "product_id": "T028684",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.2.2",
                "product": {
                  "name": "Oracle Communications 23.2.2",
                  "product_id": "T030583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.3.0",
                "product": {
                  "name": "Oracle Communications 23.3.0",
                  "product_id": "T030586",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0.0",
                  "product_id": "T030589",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.2.1.0.0",
                "product": {
                  "name": "Oracle Communications \u003c=7.2.1.0.0",
                  "product_id": "T030593"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.2.1.0.0",
                "product": {
                  "name": "Oracle Communications \u003c=7.2.1.0.0",
                  "product_id": "T030593-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.2",
                "product": {
                  "name": "Oracle Communications \u003c=9.0.2",
                  "product_id": "T030595"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.2",
                "product": {
                  "name": "Oracle Communications \u003c=9.0.2",
                  "product_id": "T030595-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "23.3.1",
                "product": {
                  "name": "Oracle Communications 23.3.1",
                  "product_id": "T032088",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.4.0",
                "product": {
                  "name": "Oracle Communications 23.4.0",
                  "product_id": "T032091",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.4.1",
                "product": {
                  "name": "Oracle Communications 23.4.1",
                  "product_id": "T034143",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=23.4.2",
                "product": {
                  "name": "Oracle Communications \u003c=23.4.2",
                  "product_id": "T034144"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=23.4.2",
                "product": {
                  "name": "Oracle Communications \u003c=23.4.2",
                  "product_id": "T034144-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "24.1.0",
                "product": {
                  "name": "Oracle Communications 24.1.0",
                  "product_id": "T034145",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.2",
                "product": {
                  "name": "Oracle Communications 5.2",
                  "product_id": "T034146",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.1.0.0.0",
                "product": {
                  "name": "Oracle Communications 24.1.0.0.0",
                  "product_id": "T034147",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.3.2",
                "product": {
                  "name": "Oracle Communications 23.3.2",
                  "product_id": "T034148",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.3.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.0.0.0.0",
                "product": {
                  "name": "Oracle Communications 14.0.0.0.0",
                  "product_id": "T034149",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:14.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.1.1.7.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.7.0",
                  "product_id": "T034150",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.7.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-40152",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40896",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-40896"
    },
    {
      "cve": "CVE-2022-45688",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2023-2283",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-2283"
    },
    {
      "cve": "CVE-2023-31122",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-31122"
    },
    {
      "cve": "CVE-2023-33201",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-34053",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-34053"
    },
    {
      "cve": "CVE-2023-34055",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-34055"
    },
    {
      "cve": "CVE-2023-4016",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-4016"
    },
    {
      "cve": "CVE-2023-41056",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-41056"
    },
    {
      "cve": "CVE-2023-43496",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-43496"
    },
    {
      "cve": "CVE-2023-44487",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45142",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-45142"
    },
    {
      "cve": "CVE-2023-4641",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-4641"
    },
    {
      "cve": "CVE-2023-46589",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-46589"
    },
    {
      "cve": "CVE-2023-47100",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-47100"
    },
    {
      "cve": "CVE-2023-4863",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-4863"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-49083",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-49083"
    },
    {
      "cve": "CVE-2023-5072",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-51074",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-51074"
    },
    {
      "cve": "CVE-2023-51257",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-51257"
    },
    {
      "cve": "CVE-2023-51775",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-51775"
    },
    {
      "cve": "CVE-2023-5341",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-5341"
    },
    {
      "cve": "CVE-2023-5363",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-5363"
    },
    {
      "cve": "CVE-2023-6507",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-6507"
    },
    {
      "cve": "CVE-2024-1635",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-1635"
    },
    {
      "cve": "CVE-2024-21626",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21626"
    },
    {
      "cve": "CVE-2024-22201",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-22233",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-22233"
    },
    {
      "cve": "CVE-2024-22257",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-22257"
    },
    {
      "cve": "CVE-2024-22259",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-22259"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26130",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-26130"
    },
    {
      "cve": "CVE-2024-26308",
      "product_status": {
        "known_affected": [
          "T028682",
          "T034149",
          "T030586",
          "T034148",
          "T030589",
          "67646",
          "T034143",
          "T015632",
          "T012167",
          "T004914",
          "T034147",
          "T034146",
          "T030583",
          "T034145",
          "T032088",
          "T034150",
          "T021645",
          "T032091",
          "T027326",
          "T024981",
          "T028684"
        ],
        "last_affected": [
          "T030595",
          "T030593",
          "T034144"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    }
  ]
}

WID-SEC-W-2024-0874

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-04-16 22:00

Summary

Oracle Enterprise Manager: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2021-36770

In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2022-34381

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2022-42920

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2022-46337

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2023-1370

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2023-20861

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2023-42503

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2023-44487

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2023-48795

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

CVE-2024-21067

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Enterprise Manager 13.3.0.1 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.3.0.1`	13.3.0.1
Oracle Enterprise Manager 13.5.0.0 Oracle / Enterprise Manager	`cpe:/a:oracle:enterprise_manager:13.5.0.0`	13.5.0.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle f\u00fcr Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0874 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0874.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0874 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0874"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Enterprise Manager vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixEM"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Enterprise Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:41.950+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0874",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "13.3.0.1",
                "product": {
                  "name": "Oracle Enterprise Manager 13.3.0.1",
                  "product_id": "T018974",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:enterprise_manager:13.3.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.5.0.0",
                "product": {
                  "name": "Oracle Enterprise Manager 13.5.0.0",
                  "product_id": "T020692",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:enterprise_manager:13.5.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Manager"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-36770",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2021-36770"
    },
    {
      "cve": "CVE-2022-34381",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-34381"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-46337",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-46337"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-20861",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2023-42503",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-42503"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-21067",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T018974",
          "T020692"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21067"
    }
  ]
}

WID-SEC-W-2024-0885

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-04-16 22:00

Summary

Oracle Database Server: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2023-36632

In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality" und "Integrity", sowie "LOW" für "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

CVE-2023-48795

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

CVE-2023-5072

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

CVE-2024-20995

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

CVE-2024-21058

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

CVE-2024-21066

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

CVE-2024-21093

Affected products

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server <=19.22 Oracle / Database Server		<=19.22
Oracle Database Server <=21.13 Oracle / Database Server		<=21.13

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0885 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0885.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0885 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0885"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Database Server vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixDB"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Database Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:44.560+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0885",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=19.22",
                "product": {
                  "name": "Oracle Database Server \u003c=19.22",
                  "product_id": "1601902"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=21.13",
                "product": {
                  "name": "Oracle Database Server \u003c=21.13",
                  "product_id": "T034140"
                }
              }
            ],
            "category": "product_name",
            "name": "Database Server"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36632",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-36632"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-5072",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2024-20995",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-20995"
    },
    {
      "cve": "CVE-2024-21058",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21058"
    },
    {
      "cve": "CVE-2024-21066",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21066"
    },
    {
      "cve": "CVE-2024-21093",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\" und \"Integrity\", sowie \"LOW\" f\u00fcr \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "last_affected": [
          "1601902",
          "T034140"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21093"
    }
  ]
}

WID-SEC-W-2024-0889

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-04-16 22:00

Summary

Oracle Support Tools: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Die Oracle Support Tools sind eine Sammlung von Werkzeugen zur Wartung und zum Support von Oracle Produkten.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Support Tools ausnutzen, um die Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2023-1370

In Oracle Support Tools existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Support Tools 2.12.45 Oracle / Support Tools	`cpe:/a:oracle:support_tools:2.12.45`	2.12.45
Oracle Support Tools 23.1.23.1.17 Oracle / Support Tools	`cpe:/a:oracle:support_tools:23.1.23.1.17`	23.1.23.1.17
Oracle Support Tools 2.12.44 Oracle / Support Tools	`cpe:/a:oracle:support_tools:2.12.44`	2.12.44
Oracle Support Tools 24.1.24.1.16 Oracle / Support Tools	`cpe:/a:oracle:support_tools:24.1.24.1.16`	24.1.24.1.16

CVE-2023-48795

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Support Tools 2.12.45 Oracle / Support Tools	`cpe:/a:oracle:support_tools:2.12.45`	2.12.45
Oracle Support Tools 23.1.23.1.17 Oracle / Support Tools	`cpe:/a:oracle:support_tools:23.1.23.1.17`	23.1.23.1.17
Oracle Support Tools 2.12.44 Oracle / Support Tools	`cpe:/a:oracle:support_tools:2.12.44`	2.12.44
Oracle Support Tools 24.1.24.1.16 Oracle / Support Tools	`cpe:/a:oracle:support_tools:24.1.24.1.16`	24.1.24.1.16

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Oracle Support Tools sind eine Sammlung von Werkzeugen zur Wartung und zum Support von Oracle Produkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Support Tools ausnutzen, um die Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0889 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0889.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0889 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0889"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Support Tools vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixTOOL"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Support Tools: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:45.520+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0889",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.12.44",
                "product": {
                  "name": "Oracle Support Tools 2.12.44",
                  "product_id": "T034192",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:support_tools:2.12.44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.1.23.1.17",
                "product": {
                  "name": "Oracle Support Tools 23.1.23.1.17",
                  "product_id": "T034193",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:support_tools:23.1.23.1.17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.12.45",
                "product": {
                  "name": "Oracle Support Tools 2.12.45",
                  "product_id": "T034194",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:support_tools:2.12.45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.1.24.1.16",
                "product": {
                  "name": "Oracle Support Tools 24.1.24.1.16",
                  "product_id": "T034195",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:support_tools:24.1.24.1.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Support Tools"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Support Tools existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034194",
          "T034193",
          "T034192",
          "T034195"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Support Tools existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034194",
          "T034193",
          "T034192",
          "T034195"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    }
  ]
}

WID-SEC-W-2024-0892

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-04-16 22:00

Summary

Oracle Retail Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2022-31160

In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2022-34381

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2022-42920

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2022-46337

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2023-1436

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2023-2976

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2023-34981

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

CVE-2023-48795

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Retail Applications 23.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:23.0.1`	23.0.1
Oracle Retail Applications 22.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:22.0.1`	22.0.1
Oracle Retail Applications 21.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:21.0.3`	21.0.3
Oracle Retail Applications 20.0.4 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:20.0.4`	20.0.4
Oracle Retail Applications 16.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:16.0.3`	16.0.3
Oracle Retail Applications 19.0.0.9 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.0.9`	19.0.0.9
Oracle Retail Applications 19.0.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.1`	19.0.1
Oracle Retail Applications 14.1.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3`	14.1.3
Oracle Retail Applications 19.0.5 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:19.0.5`	19.0.5
Oracle Retail Applications 14.1.3.2 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.2`	14.1.3.2
Oracle Retail Applications 14.1.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:14.1.3.1`	14.1.3.1
Oracle Retail Applications 15.0.3 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3`	15.0.3
Oracle Retail Applications 15.0.3.1 Oracle / Retail Applications	`cpe:/a:oracle:retail_applications:15.0.3.1`	15.0.3.1

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterst\u00fctzung u. a.  von Handelsfirmen und der Gastronomie.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0892 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0892.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0892 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0892"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Retail Applications vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixRAPP"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Retail Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:46.143+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0892",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "16.0.3",
                "product": {
                  "name": "Oracle Retail Applications 16.0.3",
                  "product_id": "T019034",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:16.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.1",
                "product": {
                  "name": "Oracle Retail Applications 19.0.1",
                  "product_id": "T019038",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:19.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.3.1",
                "product": {
                  "name": "Oracle Retail Applications 15.0.3.1",
                  "product_id": "T019909",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:15.0.3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.3.2",
                "product": {
                  "name": "Oracle Retail Applications 14.1.3.2",
                  "product_id": "T019910",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:14.1.3.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.3",
                "product": {
                  "name": "Oracle Retail Applications 14.1.3",
                  "product_id": "T020720",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:14.1.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.3",
                "product": {
                  "name": "Oracle Retail Applications 15.0.3",
                  "product_id": "T020721",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:15.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.3.1",
                "product": {
                  "name": "Oracle Retail Applications 14.1.3.1",
                  "product_id": "T034182",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:14.1.3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.5",
                "product": {
                  "name": "Oracle Retail Applications 19.0.5",
                  "product_id": "T034183",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:19.0.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "20.0.4",
                "product": {
                  "name": "Oracle Retail Applications 20.0.4",
                  "product_id": "T034184",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:20.0.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.3",
                "product": {
                  "name": "Oracle Retail Applications 21.0.3",
                  "product_id": "T034185",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:21.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.0.1",
                "product": {
                  "name": "Oracle Retail Applications 22.0.1",
                  "product_id": "T034186",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:22.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.0.1",
                "product": {
                  "name": "Oracle Retail Applications 23.0.1",
                  "product_id": "T034187",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:23.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.9",
                "product": {
                  "name": "Oracle Retail Applications 19.0.0.9",
                  "product_id": "T034188",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_applications:19.0.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Retail Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31160",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-31160"
    },
    {
      "cve": "CVE-2022-34381",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-34381"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-46337",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-46337"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-34981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-34981"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034187",
          "T034186",
          "T034185",
          "T034184",
          "T019034",
          "T034188",
          "T019038",
          "T020720",
          "T034183",
          "T019910",
          "T034182",
          "T020721",
          "T019909"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    }
  ]
}

WID-SEC-W-2024-0899

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2025-06-09 22:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2019-0231

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2019-10172

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2019-13990

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2021-23369

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-1471

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-24329

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-25147

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-34169

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-34381

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-42003

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-45378

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-46337

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-48579

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-24021

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-2976

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-31122

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-33201

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-35116

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-35887

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-3635

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-37536

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-44487

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-46218

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-46589

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-48795

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-5072

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-52428

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-1597

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-20991

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-20992

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21006

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21007

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21117

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21118

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21119

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21120

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-23635

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-26308

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	8.5.6
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	12.2.1.3.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external
https://github.com/d3fudd/CVE-2024-21006_POC	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0899 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0899.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0899 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0899"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Fusion Middleware vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2024-21006 vom 2025-06-09",
        "url": "https://github.com/d3fudd/CVE-2024-21006_POC"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-10T06:12:15.168+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-0899",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "PoC f\u00fcr CVE-2024-21006 aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2.1.3.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.3.0",
                  "product_id": "618028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.6",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.6",
                  "product_id": "T024993",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.7",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.7",
                  "product_id": "T034057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-0231",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-0231"
    },
    {
      "cve": "CVE-2019-10172",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-10172"
    },
    {
      "cve": "CVE-2019-13990",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-13990"
    },
    {
      "cve": "CVE-2021-23369",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2021-23369"
    },
    {
      "cve": "CVE-2022-1471",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-24329",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-24329"
    },
    {
      "cve": "CVE-2022-25147",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-34169",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-34381",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-34381"
    },
    {
      "cve": "CVE-2022-42003",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-45378",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-45378"
    },
    {
      "cve": "CVE-2022-46337",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-46337"
    },
    {
      "cve": "CVE-2022-48579",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-48579"
    },
    {
      "cve": "CVE-2023-24021",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-24021"
    },
    {
      "cve": "CVE-2023-2976",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-31122",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-31122"
    },
    {
      "cve": "CVE-2023-33201",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-35116",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-35887",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-35887"
    },
    {
      "cve": "CVE-2023-3635",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-3635"
    },
    {
      "cve": "CVE-2023-37536",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-37536"
    },
    {
      "cve": "CVE-2023-44487",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-46218",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46589",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-46589"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-5072",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-52428",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-52428"
    },
    {
      "cve": "CVE-2024-1597",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-1597"
    },
    {
      "cve": "CVE-2024-20991",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-20991"
    },
    {
      "cve": "CVE-2024-20992",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-20992"
    },
    {
      "cve": "CVE-2024-21006",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21006"
    },
    {
      "cve": "CVE-2024-21007",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21007"
    },
    {
      "cve": "CVE-2024-21117",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21117"
    },
    {
      "cve": "CVE-2024-21118",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21118"
    },
    {
      "cve": "CVE-2024-21119",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21119"
    },
    {
      "cve": "CVE-2024-21120",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-21120"
    },
    {
      "cve": "CVE-2024-23635",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-23635"
    },
    {
      "cve": "CVE-2024-26308",
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    }
  ]
}

WID-SEC-W-2024-1082

Vulnerability from csaf_certbund - Published: 2024-05-09 22:00 - Updated: 2024-05-09 22:00

Summary

Juniper JUNOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS im Zusammenhang mit OpenSSH ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - Juniper Appliance

CVE-2016-20012

In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauenswürdigen Suchpfad oder einer unzulässigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen oder Dateien zu manipulieren.

CVE-2017-15906

CVE-2018-15473

CVE-2018-15919

CVE-2018-20685

CVE-2019-6109

CVE-2019-6110

CVE-2019-6111

CVE-2020-12062

CVE-2020-14145

CVE-2020-15778

CVE-2021-28041

CVE-2021-36368

CVE-2021-41617

CVE-2023-28531

CVE-2023-38408

CVE-2023-48795

CVE-2023-51384

CVE-2023-51385

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://supportportal.juniper.net/s/article/2024-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS im Zusammenhang mit OpenSSH ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1082 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1082.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1082 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1082"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory vom 2024-05-09",
        "url": "https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:08:45.014+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1082",
      "initial_release_date": "2024-05-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=19.4R1",
                "product": {
                  "name": "Juniper JUNOS \u003e=19.4R1",
                  "product_id": "T034677"
                }
              },
              {
                "category": "product_version_range",
                "name": "Evolved \u003e=22.3R1",
                "product": {
                  "name": "Juniper JUNOS Evolved \u003e=22.3R1",
                  "product_id": "T034678"
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-20012",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2016-20012"
    },
    {
      "cve": "CVE-2017-15906",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2017-15906"
    },
    {
      "cve": "CVE-2018-15473",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2018-15473"
    },
    {
      "cve": "CVE-2018-15919",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2018-15919"
    },
    {
      "cve": "CVE-2018-20685",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2018-20685"
    },
    {
      "cve": "CVE-2019-6109",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2019-6109"
    },
    {
      "cve": "CVE-2019-6110",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2019-6110"
    },
    {
      "cve": "CVE-2019-6111",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2019-6111"
    },
    {
      "cve": "CVE-2020-12062",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2020-12062"
    },
    {
      "cve": "CVE-2020-14145",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2020-14145"
    },
    {
      "cve": "CVE-2020-15778",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2020-15778"
    },
    {
      "cve": "CVE-2021-28041",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2021-28041"
    },
    {
      "cve": "CVE-2021-36368",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2021-36368"
    },
    {
      "cve": "CVE-2021-41617",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2021-41617"
    },
    {
      "cve": "CVE-2023-28531",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-28531"
    },
    {
      "cve": "CVE-2023-38408",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-38408"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-51384",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-51384"
    },
    {
      "cve": "CVE-2023-51385",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper JUNOS bestehen mehrere Schwachstellen in Bezug auf OpenSSH. Diese Fehler bestehen aufgrund verschiedener sicherheitsrelevanter Probleme wie einer fehlenden Zeichenkodierung, einem nicht ausreichend vertrauensw\u00fcrdigen Suchpfad oder einer unzul\u00e4ssigen Verhinderung von Schreiboperationen und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-51385"
    }
  ]
}

WID-SEC-W-2024-1186

Vulnerability from csaf_certbund - Published: 2024-05-20 22:00 - Updated: 2026-01-25 23:00

Summary

IBM DB2 REST: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DB2 REST ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2019-19126

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2020-10029

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2020-1751

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2020-1752

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2021-35942

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2021-3711

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2021-3712

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2021-3999

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2021-4160

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2022-0778

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2022-1292

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2022-2068

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2022-2097

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

CVE-2023-48795

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Dell Data Protection Advisor <19.12 Dell / Data Protection Advisor		<19.12
IBM DB2 REST <1.0.0.304-amd64 IBM / DB2		REST <1.0.0.304-amd64

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7154484	external
https://www.dell.com/support/kbdoc/en-us/00028173…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DB2 REST ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1186 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1186.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1186 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1186"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin - 7154484 vom 2024-05-20",
        "url": "https://www.ibm.com/support/pages/node/7154484"
      },
      {
        "category": "external",
        "summary": "Deell Security Update",
        "url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2 REST: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-25T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-26T09:36:00.903+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2024-1186",
      "initial_release_date": "2024-05-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-25T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.12",
                "product": {
                  "name": "Dell Data Protection Advisor \u003c19.12",
                  "product_id": "T050283"
                }
              },
              {
                "category": "product_version",
                "name": "19.12",
                "product": {
                  "name": "Dell Data Protection Advisor 19.12",
                  "product_id": "T050283-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:data_protection_advisor:19.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Data Protection Advisor"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "REST \u003c1.0.0.304-amd64",
                "product": {
                  "name": "IBM DB2 REST \u003c1.0.0.304-amd64",
                  "product_id": "T034928"
                }
              },
              {
                "category": "product_version",
                "name": "REST 1.0.0.304-amd64",
                "product": {
                  "name": "IBM DB2 REST 1.0.0.304-amd64",
                  "product_id": "T034928-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:rest__1.0.0.304-amd64"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19126",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2019-19126"
    },
    {
      "cve": "CVE-2020-10029",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2020-10029"
    },
    {
      "cve": "CVE-2020-1751",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2020-1751"
    },
    {
      "cve": "CVE-2020-1752",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2020-1752"
    },
    {
      "cve": "CVE-2021-35942",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2021-35942"
    },
    {
      "cve": "CVE-2021-3711",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2021-3711"
    },
    {
      "cve": "CVE-2021-3712",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2021-3712"
    },
    {
      "cve": "CVE-2021-3999",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2021-3999"
    },
    {
      "cve": "CVE-2021-4160",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2021-4160"
    },
    {
      "cve": "CVE-2022-0778",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2022-0778"
    },
    {
      "cve": "CVE-2022-1292",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2022-1292"
    },
    {
      "cve": "CVE-2022-2068",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2022-2068"
    },
    {
      "cve": "CVE-2022-2097",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2022-2097"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T050283",
          "T034928"
        ]
      },
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    }
  ]
}

WID-SEC-W-2024-1228

Vulnerability from csaf_certbund - Published: 2024-05-22 22:00 - Updated: 2026-04-15 22:00

Summary

Red Hat OpenStack: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um Sicherheitsmaßnahmen zu umgehen, eine Denial-of-Service-Zustand zu erzeugen, um vertrauliche Informationen offenzulegen und Daten zu ändern.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2024-1135

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-39325

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-44487

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-45288

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2024-4438

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-39326

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-45287

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2024-1394

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2024-24680

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2024-1141

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-45803

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-48795

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-6725

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2023-6110

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

CVE-2024-22195

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat OpenStack 16.2 Red Hat / OpenStack	`cpe:/a:redhat:openstack:16.2`	16.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenStack <17.1 Red Hat / OpenStack		<17.1
Red Hat OpenShift Container Platform <4.12.72 Red Hat / OpenShift		Container Platform <4.12.72
IBM MQ Operator IBM / MQ	`cpe:/a:ibm:mq:operator`	Operator
Red Hat OpenShift Container Platform <4.15.39 Red Hat / OpenShift		Container Platform <4.15.39

References

29 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2024:2727	external
https://access.redhat.com/errata/RHSA-2024:2729	external
https://access.redhat.com/errata/RHSA-2024:2730	external
https://access.redhat.com/errata/RHSA-2024:2767	external
https://access.redhat.com/errata/RHSA-2024:2731	external
https://access.redhat.com/errata/RHSA-2024:2732	external
https://access.redhat.com/errata/RHSA-2024:2733	external
https://access.redhat.com/errata/RHSA-2024:2734	external
https://access.redhat.com/errata/RHSA-2024:2735	external
https://access.redhat.com/errata/RHSA-2024:2768	external
https://access.redhat.com/errata/RHSA-2024:2736	external
https://access.redhat.com/errata/RHSA-2024:2770	external
https://access.redhat.com/errata/RHSA-2024:2737	external
https://access.redhat.com/errata/RHSA-2024:2769	external
https://access.redhat.com/errata/RHSA-2024:3352	external
https://access.redhat.com/errata/RHSA-2024:3327	external
https://access.redhat.com/errata/RHSA-2024:3331	external
https://access.redhat.com/errata/RHSA-2024:3467	external
https://access.redhat.com/errata/RHSA-2024:3713	external
https://access.redhat.com/errata/RHSA-2024:4054	external
https://access.redhat.com/errata/RHSA-2024:7987	external
https://access.redhat.com/errata/RHSA-2024:8688	external
https://access.redhat.com/errata/RHSA-2024:8692	external
https://access.redhat.com/errata/RHSA-2024:10142	external
https://access.redhat.com/errata/RHSA-2025:0832	external
https://www.ibm.com/support/pages/node/7240431	external
https://access.redhat.com/errata/RHSA-2026:8322	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu k\u00f6nnen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, eine Denial-of-Service-Zustand zu erzeugen, um vertrauliche Informationen offenzulegen und Daten zu \u00e4ndern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1228 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1228.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1228 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1228"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2727 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2727"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2729 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2729"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2730 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2730"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2767 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2767"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2731 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2731"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2732 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2732"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2733 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2733"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2734 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2734"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2735 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2735"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2768 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2768"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2736 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2736"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2770 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2770"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2737 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2737"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2769 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2769"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3352 vom 2024-05-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:3352"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:3327"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3331 vom 2024-05-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:3331"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:3467"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3713 vom 2024-06-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:3713"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4054 vom 2024-06-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:4054"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10",
        "url": "https://access.redhat.com/errata/RHSA-2024:7987"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:8688"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2024:8692"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10142 vom 2024-11-26",
        "url": "https://access.redhat.com/errata/RHSA-2024:10142"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0832 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0832"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin",
        "url": "https://www.ibm.com/support/pages/node/7240431"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8322 vom 2026-04-15",
        "url": "https://access.redhat.com/errata/RHSA-2026:8322"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat OpenStack: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-15T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-16T10:28:59.451+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2024-1228",
      "initial_release_date": "2024-05-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-05-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-23T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-25T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-05T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-07-24T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Operator",
                "product": {
                  "name": "IBM MQ Operator",
                  "product_id": "T036688",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.39",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.39",
                  "product_id": "T039437"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.39",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.39",
                  "product_id": "T039437-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.39"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.72",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.72",
                  "product_id": "T040822"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12.72",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12.72",
                  "product_id": "T040822-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.72"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "16.2",
                "product": {
                  "name": "Red Hat OpenStack 16.2",
                  "product_id": "T023999",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:16.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17.1",
                "product": {
                  "name": "Red Hat OpenStack \u003c17.1",
                  "product_id": "T031314"
                }
              },
              {
                "category": "product_version",
                "name": "17.1",
                "product": {
                  "name": "Red Hat OpenStack 17.1",
                  "product_id": "T031314-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:17.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenStack"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-1135",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2024-1135"
    },
    {
      "cve": "CVE-2023-39325",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-39325"
    },
    {
      "cve": "CVE-2023-44487",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45288",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-45288"
    },
    {
      "cve": "CVE-2024-4438",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2024-4438"
    },
    {
      "cve": "CVE-2023-39326",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-39326"
    },
    {
      "cve": "CVE-2023-45287",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-45287"
    },
    {
      "cve": "CVE-2024-1394",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2024-1394"
    },
    {
      "cve": "CVE-2024-24680",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2024-24680"
    },
    {
      "cve": "CVE-2024-1141",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2024-1141"
    },
    {
      "cve": "CVE-2023-45803",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-45803"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-6725",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-6725"
    },
    {
      "cve": "CVE-2023-6110",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2023-6110"
    },
    {
      "cve": "CVE-2024-22195",
      "product_status": {
        "known_affected": [
          "T023999",
          "67646",
          "T031314",
          "T040822",
          "T036688",
          "T039437"
        ]
      },
      "release_date": "2024-05-22T22:00:00.000+00:00",
      "title": "CVE-2024-22195"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-48795 (GCVE-0-2023-48795)

Tags

Sightings

Nomenclature