Vulnerability-Lookup

CVE-2023-50782 (GCVE-0-2023-50782)

Vulnerability from cvelistv5 – Published: 2024-02-05 20:45 – Updated: 2026-03-24 11:28

Title

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

Summary

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-203 - Observable Discrepancy

Assigner

redhat

References

3 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2023-50782	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254432	issue-trackingx_refsource_REDHAT
https://www.couchbase.com/alerts/	x_transferred

Impacted products

7 products

Vendor	Product	Version
		Affected: 3.2 , < 42.0.0 (semver)
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	Red Hat Update Infrastructure 4 for Cloud Providers	cpe:/a:redhat:rhui:4::el8

Date Public

2023-12-13 00:00

Credits

This issue was discovered by Hubert Kario (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:23:43.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
          },
          {
            "name": "RHBZ#2254432",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50782",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-15T16:14:33.778114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:29:24.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/pyca/cryptography",
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "versions": [
            {
              "lessThan": "42.0.0",
              "status": "affected",
              "version": "3.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python39:3.9/python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Hubert Kario (Red Hat)."
        }
      ],
      "datePublic": "2023-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:28:21.353Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
        },
        {
          "name": "RHBZ#2254432",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-203: Observable Discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-50782",
    "datePublished": "2024-02-05T20:45:49.705Z",
    "dateReserved": "2023-12-13T20:44:02.023Z",
    "dateUpdated": "2026-03-24T11:28:21.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-50782",
      "date": "2026-06-26",
      "epss": "0.01118",
      "percentile": "0.62013"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8D92E10-0E79-479F-A963-5657D1BC4E03\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*\", \"versionEndExcluding\": \"42.0.0\", \"matchCriteriaId\": \"A7B7EA1D-8C2A-4C40-B9FC-E83F4E87C62B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE39595E-F4B2-4CEC-A405-809B75E71E36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B84B0C96-07C4-44ED-A291-94CEAAF6FFB6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\\u00f3n de datos confidenciales o sensibles.\"}]",
      "id": "CVE-2023-50782",
      "lastModified": "2024-11-21T08:37:18.337",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-02-05T21:15:11.183",
      "references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2023-50782\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254432\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-50782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://www.couchbase.com/alerts/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-208\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-50782\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-02-05T21:15:11.183\",\"lastModified\":\"2026-06-17T06:39:58.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com/pyca/cryptography\",\"packageName\":\"python-cryptography\",\"versions\":[{\"version\":\"3.2\",\"lessThan\":\"42.0.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python-cryptography\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python-cryptography\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python39:3.9/python-cryptography\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python-cryptography\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python-cryptography\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python-cryptography\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 4 for Cloud Providers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"python-cryptography\",\"cpes\":[\"cpe:/a:redhat:rhui:4::el8\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-02-15T16:14:33.778114Z\",\"id\":\"CVE-2023-50782\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8D92E10-0E79-479F-A963-5657D1BC4E03\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*\",\"versionEndExcluding\":\"42.0.0\",\"matchCriteriaId\":\"A7B7EA1D-8C2A-4C40-B9FC-E83F4E87C62B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE39595E-F4B2-4CEC-A405-809B75E71E36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B84B0C96-07C4-44ED-A291-94CEAAF6FFB6\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-50782\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254432\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-50782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.couchbase.com/alerts/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2023-50782\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254432\", \"name\": \"RHBZ#2254432\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.couchbase.com/alerts/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:23:43.327Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-50782\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-15T16:14:33.778114Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T21:24:31.086Z\"}}], \"cna\": {\"title\": \"Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659\", \"credits\": [{\"lang\": \"en\", \"value\": \"This issue was discovered by Hubert Kario (Red Hat).\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"3.2\", \"lessThan\": \"42.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://github.com/pyca/cryptography\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"python39:3.9/python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 4 for Cloud Providers\", \"packageName\": \"python-cryptography\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-12-13T00:00:00.000Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2023-12-13T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2023-12-13T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2023-50782\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254432\", \"name\": \"RHBZ#2254432\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-03-24T11:28:21.353Z\"}, \"x_redhatCweChain\": \"CWE-203: Observable Discrepancy\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-50782\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-24T11:28:21.353Z\", \"dateReserved\": \"2023-12-13T20:44:02.023Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-02-05T20:45:49.705Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2023-50782

Vulnerability from fkie_nvd - Published: 2024-02-05 21:15 - Updated: 2026-06-17 06:39

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-50782	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2254432	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-50782	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2254432	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/

Impacted products

Vendor	Product	Version
redhat	ansible_automation_platform	2.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	update_infrastructure	4
cryptography.io	cryptography	*
couchbase	couchbase_server	7.6.0
couchbase	couchbase_server	7.6.1

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://github.com/pyca/cryptography",
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "versions": [
            {
              "lessThan": "42.0.0",
              "status": "affected",
              "version": "3.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python39:3.9/python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "source": "secalert@redhat.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
              "matchCriteriaId": "A7B7EA1D-8C2A-4C40-B9FC-E83F4E87C62B",
              "versionEndExcluding": "42.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE39595E-F4B2-4CEC-A405-809B75E71E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B84B0C96-07C4-44ED-A291-94CEAAF6FFB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."
    }
  ],
  "id": "CVE-2023-50782",
  "lastModified": "2026-06-17T06:39:58.240",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2023-50782",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-02-15T16:14:33.778114Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-02-05T21:15:11.183",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.couchbase.com/alerts/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-3WW4-GG4F-JR7F

Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2026-02-27 20:57

Summary

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

Details

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "cryptography"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "42.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-05T23:04:50Z",
    "nvd_published_at": "2024-02-05T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
  "id": "GHSA-3ww4-gg4f-jr7f",
  "modified": "2026-02-27T20:57:35Z",
  "published": "2024-02-05T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/issues/9785"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyca/cryptography"
    },
    {
      "type": "WEB",
      "url": "https://www.couchbase.com/alerts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack"
}

GSD-2023-50782

Vulnerability from gsd - Updated: 2023-12-14 06:01

Details

Aliases

CVE-2023-50782

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-50782"
      ],
      "details": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
      "id": "GSD-2023-50782",
      "modified": "2023-12-14T06:01:33.315446Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-50782",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Ansible Automation Platform 2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unknown"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Satellite 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Hubert Kario (Red Hat)."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-208",
                "lang": "eng",
                "value": "Observable Timing Discrepancy"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-50782",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
          }
        ]
      },
      "work_around": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:python-cryptography_project:python-cryptography:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3840C0A9-EF24-48AF-B0EE-93E452931D60",
                    "versionEndExcluding": "42.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."
          }
        ],
        "id": "CVE-2023-50782",
        "lastModified": "2024-02-26T16:27:48.080",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-05T21:15:11.183",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-203"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-208"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

MSRC_CVE-2023-50782

Vulnerability from csaf_microsoft - Published: 2024-02-02 08:00 - Updated: 2026-02-18 14:33

Summary

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2023-50782

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-203 - Observable Discrepancy

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 20054-17086		—
Unresolved product id: 17984-17084		—
Unresolved product id: 18171-17084		—

Known affected 3 products

Product	Version	Remediation
Unresolved product id: 17086-1	—	Vendor Fix fix
Unresolved product id: 17084-3	—	Vendor Fix fix
Unresolved product id: 17084-2	—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2024/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2024/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-50782 Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-50782.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
    "tracking": {
      "current_release_date": "2026-02-18T14:33:52.000Z",
      "generator": {
        "date": "2026-02-21T03:40:00.376Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-50782",
      "initial_release_date": "2024-02-02T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-06-30T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-02-18T14:33:52.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 python-cryptography 3.3.2-7",
                "product": {
                  "name": "\u003ccbl2 python-cryptography 3.3.2-7",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 python-cryptography 3.3.2-7",
                "product": {
                  "name": "cbl2 python-cryptography 3.3.2-7",
                  "product_id": "20054"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 python-cryptography 3.3.2-5",
                "product": {
                  "name": "\u003cazl3 python-cryptography 3.3.2-5",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 python-cryptography 3.3.2-5",
                "product": {
                  "name": "azl3 python-cryptography 3.3.2-5",
                  "product_id": "17984"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 python-cryptography 42.0.5-1",
                "product": {
                  "name": "\u003cazl3 python-cryptography 42.0.5-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 python-cryptography 42.0.5-1",
                "product": {
                  "name": "azl3 python-cryptography 42.0.5-1",
                  "product_id": "18171"
                }
              }
            ],
            "category": "product_name",
            "name": "python-cryptography"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 python-cryptography 3.3.2-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 python-cryptography 3.3.2-7 as a component of CBL Mariner 2.0",
          "product_id": "20054-17086"
        },
        "product_reference": "20054",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 python-cryptography 3.3.2-5 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-cryptography 3.3.2-5 as a component of Azure Linux 3.0",
          "product_id": "17984-17084"
        },
        "product_reference": "17984",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 python-cryptography 42.0.5-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-cryptography 42.0.5-1 as a component of Azure Linux 3.0",
          "product_id": "18171-17084"
        },
        "product_reference": "18171",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50782",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20054-17086",
          "17984-17084",
          "18171-17084"
        ],
        "known_affected": [
          "17086-1",
          "17084-3",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50782 Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-50782.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-30T07:00:00.000Z",
          "details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-06-30T07:00:00.000Z",
          "details": "42.0.5-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-3",
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "17086-1",
            "17084-3",
            "17084-2"
          ]
        }
      ],
      "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659"
    }
  ]
}

NCSC-2025-0028

Vulnerability from csaf_ncscnl - Published: 2025-01-22 13:36 - Updated: 2025-01-22 13:36

Summary

Kwetsbaarheden verholpen in Oracle Analytics

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-416: Use After Free

CWE-476: NULL Pointer Dereference

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-502: Deserialization of Untrusted Data

CWE-248: Uncaught Exception

CWE-674: Uncontrolled Recursion

CWE-611: Improper Restriction of XML External Entity Reference

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-789: Memory Allocation with Excessive Size Value

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1395: Dependency on Vulnerable Third-Party Component

CWE-670: Always-Incorrect Control Flow Implementation

CWE-399: CWE-399

CWE-326: Inadequate Encryption Strength

CWE-669: Incorrect Resource Transfer Between Spheres

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-834: Excessive Iteration

CWE-311: Missing Encryption of Sensitive Data

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333: Inefficient Regular Expression Complexity

CVE-2016-10000

CVE-2020-2849

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2020-7760

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 24 products

CVE-2020-13956

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 30 products

CVE-2020-28975

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2021-23926

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Affected products

Known affected 23 products

CVE-2021-33813

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 26 products

CVE-2022-40150

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 19 products

CVE-2023-2976

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Known affected 13 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-4785

CWE-248 - Uncaught Exception

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-7272

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-24998

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 20 products

CVE-2023-25399

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-29824

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-32732

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-440 - Expected Behavior Violation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-33202

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 10 products

Product	Identifier	Version
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-33953

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-834 - Excessive Iteration

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-43804

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 5 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 13 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-45803

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 5 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2023-50782

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Known affected 5 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-0727

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 11 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—

CVE-2024-1135

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-4741

CWE-416 - Use After Free

Affected products

Known affected 9 products

Product	Identifier	Version
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—

CVE-2024-5535

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-7254

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-22195

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 5 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-26130

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 9 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-29025

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 8 products

Product	Identifier	Version
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—

CVE-2024-29131

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 8 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—

CVE-2024-34064

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 7 products

Product	Identifier	Version
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop::::::::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-35195

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-670 - Always-Incorrect Control Flow Implementation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-36114

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-37891

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-669 - Incorrect Resource Transfer Between Spheres

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-38809

8.0 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 5 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—

CVE-2024-38820

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—

CVE-2024-43382

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—

CVE-2024-47561

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2025-21532

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
analytics_desktop oracle	`cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:::::::*`	—

References

40 references

URL	Category
https://www.oracle.com/security-alerts/cpujan2025.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2016…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Uncaught Exception",
        "title": "CWE-248"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Dependency on Vulnerable Third-Party Component",
        "title": "CWE-1395"
      },
      {
        "category": "general",
        "text": "Always-Incorrect Control Flow Implementation",
        "title": "CWE-670"
      },
      {
        "category": "general",
        "text": "CWE-399",
        "title": "CWE-399"
      },
      {
        "category": "general",
        "text": "Inadequate Encryption Strength",
        "title": "CWE-326"
      },
      {
        "category": "general",
        "text": "Incorrect Resource Transfer Between Spheres",
        "title": "CWE-669"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
        "title": "CWE-776"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Missing Encryption of Sensitive Data",
        "title": "CWE-311"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Analytics",
    "tracking": {
      "current_release_date": "2025-01-22T13:36:58.196605Z",
      "id": "NCSC-2025-0028",
      "initial_release_date": "2025-01-22T13:36:58.196605Z",
      "revision_history": [
        {
          "date": "2025-01-22T13:36:58.196605Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1503296",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-220360",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:enterprise:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-135810",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-219994",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:enterprise:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-219817",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:enterprise:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1503297",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-257324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1503298",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1650736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765384",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764234",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764929",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764235",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764930",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764236",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-1503574",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-1503573",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765388",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764727",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764729",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765383",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765389",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764725",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764728",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764730",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764726",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765386",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-9197",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-9493",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-228391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220560",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-1673195",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-816763",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-816761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-816762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-1751172",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:8.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-1650735",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-1751157",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-10000",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2016-10000",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2016/CVE-2016-10000.json"
        }
      ],
      "title": "CVE-2016-10000"
    },
    {
      "cve": "CVE-2020-2849",
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-2849",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-2849.json"
        }
      ],
      "title": "CVE-2020-2849"
    },
    {
      "cve": "CVE-2020-7760",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-764778",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-7760",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-7760.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-764778",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2020-7760"
    },
    {
      "cve": "CVE-2020-13956",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-228391",
          "CSAFPID-764778",
          "CSAFPID-220546",
          "CSAFPID-9197",
          "CSAFPID-764929",
          "CSAFPID-764930",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-1503574",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-13956",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-228391",
            "CSAFPID-764778",
            "CSAFPID-220546",
            "CSAFPID-9197",
            "CSAFPID-764929",
            "CSAFPID-764930",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-1503574",
            "CSAFPID-257324",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-28975",
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-28975",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-28975.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2020-28975"
    },
    {
      "cve": "CVE-2021-23926",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
          "title": "CWE-776"
        },
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9493",
          "CSAFPID-764778",
          "CSAFPID-228391",
          "CSAFPID-135810",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-220546",
          "CSAFPID-9197",
          "CSAFPID-764929",
          "CSAFPID-764930"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-23926",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9493",
            "CSAFPID-764778",
            "CSAFPID-228391",
            "CSAFPID-135810",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-220546",
            "CSAFPID-9197",
            "CSAFPID-764929",
            "CSAFPID-764930"
          ]
        }
      ],
      "title": "CVE-2021-23926"
    },
    {
      "cve": "CVE-2021-33813",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9197",
          "CSAFPID-9493",
          "CSAFPID-228391",
          "CSAFPID-764778",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-33813",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33813.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9197",
            "CSAFPID-9493",
            "CSAFPID-228391",
            "CSAFPID-764778",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2021-33813"
    },
    {
      "cve": "CVE-2022-40150",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9493",
          "CSAFPID-764778",
          "CSAFPID-228391",
          "CSAFPID-135810",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-40150",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40150.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9493",
            "CSAFPID-764778",
            "CSAFPID-228391",
            "CSAFPID-135810",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        },
        {
          "category": "other",
          "text": "Creation of Temporary File in Directory with Insecure Permissions",
          "title": "CWE-379"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2976",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-4785",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncaught Exception",
          "title": "CWE-248"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4785",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4785.json"
        }
      ],
      "title": "CVE-2023-4785"
    },
    {
      "cve": "CVE-2023-7272",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7272",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-7272"
    },
    {
      "cve": "CVE-2023-24998",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-399",
          "title": "CWE-399"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764778",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-24998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
        }
      ],
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-25399",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-25399",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-25399.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-25399"
    },
    {
      "cve": "CVE-2023-29824",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-29824",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29824.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-29824"
    },
    {
      "cve": "CVE-2023-32732",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32732",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32732.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-32732"
    },
    {
      "cve": "CVE-2023-33202",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650735",
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33202",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650735",
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-33202"
    },
    {
      "cve": "CVE-2023-33953",
      "cwe": {
        "id": "CWE-834",
        "name": "Excessive Iteration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33953",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33953.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-33953"
    },
    {
      "cve": "CVE-2023-43804",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-43804",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43804.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45803",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45803",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45803.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-45803"
    },
    {
      "cve": "CVE-2023-50782",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Timing Discrepancy",
          "title": "CWE-208"
        },
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50782",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50782.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2024-0727",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-135810",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0727",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-135810",
            "CSAFPID-1650736",
            "CSAFPID-257324",
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-1135",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-1135",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1135.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-1135"
    },
    {
      "cve": "CVE-2024-4741",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4741",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
        }
      ],
      "title": "CVE-2024-4741"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Dependency on Vulnerable Third-Party Component",
          "title": "CWE-1395"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-135810",
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-135810",
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-22195",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-26130",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26130",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-26130"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574",
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-1650736"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574",
            "CSAFPID-1650736"
          ]
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-34064",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34064",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-34064"
    },
    {
      "cve": "CVE-2024-35195",
      "cwe": {
        "id": "CWE-670",
        "name": "Always-Incorrect Control Flow Implementation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Always-Incorrect Control Flow Implementation",
          "title": "CWE-670"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-35195"
    },
    {
      "cve": "CVE-2024-36114",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36114",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-36114"
    },
    {
      "cve": "CVE-2024-37891",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Resource Transfer Between Spheres",
          "title": "CWE-669"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38809",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38809",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195",
            "CSAFPID-1650736",
            "CSAFPID-257324",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2024-38809"
    },
    {
      "cve": "CVE-2024-38820",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38820",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-38820"
    },
    {
      "cve": "CVE-2024-43382",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        },
        {
          "category": "other",
          "text": "Inadequate Encryption Strength",
          "title": "CWE-326"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-43382",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43382.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-43382"
    },
    {
      "cve": "CVE-2024-47561",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2025-21532",
      "product_status": {
        "known_affected": [
          "CSAFPID-1751157"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21532",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21532.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751157"
          ]
        }
      ],
      "title": "CVE-2025-21532"
    }
  ]
}

OPENSUSE-SU-2024:14416-1

Vulnerability from csaf_opensuse - Published: 2024-10-20 00:00 - Updated: 2024-10-20 00:00

Summary

libopenssl-3-devel-3.1.4-15.1 on GA media

Severity

Moderate

Notes

Title of the patch: libopenssl-3-devel-3.1.4-15.1 on GA media

Description of the patch: These are all security issues fixed in the libopenssl-3-devel-3.1.4-15.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-14416

CVE-2023-50782

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-9143

7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64	—	Vendor Fix

Threats

Impact important

References

10 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://www.suse.com/security/cve/CVE-2023-50782/	self
https://www.suse.com/security/cve/CVE-2024-9143/	self
https://www.suse.com/security/cve/CVE-2023-50782	external
https://bugzilla.suse.com/1218043	external
https://www.suse.com/security/cve/CVE-2024-9143	external
https://bugzilla.suse.com/1231741	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libopenssl-3-devel-3.1.4-15.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libopenssl-3-devel-3.1.4-15.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14416",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14416-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2024:14416-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAEWAWTQ662APXDOVFSO6WSPPJ73EELU/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2024:14416-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAEWAWTQ662APXDOVFSO6WSPPJ73EELU/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-50782 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-50782/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-9143 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-9143/"
      }
    ],
    "title": "libopenssl-3-devel-3.1.4-15.1 on GA media",
    "tracking": {
      "current_release_date": "2024-10-20T00:00:00Z",
      "generator": {
        "date": "2024-10-20T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14416-1",
      "initial_release_date": "2024-10-20T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-10-20T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl-3-devel-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl-3-devel-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl-3-fips-provider-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl3-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl3-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-32bit-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl3-32bit-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl3-32bit-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                "product": {
                  "name": "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                  "product_id": "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.1.4-15.1.aarch64",
                "product": {
                  "name": "openssl-3-3.1.4-15.1.aarch64",
                  "product_id": "openssl-3-3.1.4-15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-doc-3.1.4-15.1.aarch64",
                "product": {
                  "name": "openssl-3-doc-3.1.4-15.1.aarch64",
                  "product_id": "openssl-3-doc-3.1.4-15.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-devel-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl-3-devel-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl3-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl3-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-32bit-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl3-32bit-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl3-32bit-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                  "product_id": "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "openssl-3-3.1.4-15.1.ppc64le",
                  "product_id": "openssl-3-3.1.4-15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-doc-3.1.4-15.1.ppc64le",
                "product": {
                  "name": "openssl-3-doc-3.1.4-15.1.ppc64le",
                  "product_id": "openssl-3-doc-3.1.4-15.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl-3-devel-3.1.4-15.1.s390x",
                  "product_id": "libopenssl-3-devel-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                  "product_id": "libopenssl-3-devel-32bit-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                  "product_id": "libopenssl-3-fips-provider-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                  "product_id": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                  "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl3-3.1.4-15.1.s390x",
                  "product_id": "libopenssl3-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-32bit-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl3-32bit-3.1.4-15.1.s390x",
                  "product_id": "libopenssl3-32bit-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                "product": {
                  "name": "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                  "product_id": "libopenssl3-x86-64-v3-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.1.4-15.1.s390x",
                "product": {
                  "name": "openssl-3-3.1.4-15.1.s390x",
                  "product_id": "openssl-3-3.1.4-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-doc-3.1.4-15.1.s390x",
                "product": {
                  "name": "openssl-3-doc-3.1.4-15.1.s390x",
                  "product_id": "openssl-3-doc-3.1.4-15.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl-3-devel-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl-3-devel-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl-3-fips-provider-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl3-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl3-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-32bit-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl3-32bit-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl3-32bit-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                "product": {
                  "name": "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                  "product_id": "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.1.4-15.1.x86_64",
                "product": {
                  "name": "openssl-3-3.1.4-15.1.x86_64",
                  "product_id": "openssl-3-3.1.4-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-doc-3.1.4-15.1.x86_64",
                "product": {
                  "name": "openssl-3-doc-3.1.4-15.1.x86_64",
                  "product_id": "openssl-3-doc-3.1.4-15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl-3-devel-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl-3-devel-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl-3-devel-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-32bit-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl3-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl3-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl3-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl3-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-32bit-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl3-32bit-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-32bit-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl3-32bit-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-32bit-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl3-32bit-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-32bit-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl3-32bit-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64"
        },
        "product_reference": "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le"
        },
        "product_reference": "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-x86-64-v3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x"
        },
        "product_reference": "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64"
        },
        "product_reference": "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64"
        },
        "product_reference": "openssl-3-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le"
        },
        "product_reference": "openssl-3-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x"
        },
        "product_reference": "openssl-3-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64"
        },
        "product_reference": "openssl-3-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-doc-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64"
        },
        "product_reference": "openssl-3-doc-3.1.4-15.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-doc-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le"
        },
        "product_reference": "openssl-3-doc-3.1.4-15.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-doc-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x"
        },
        "product_reference": "openssl-3-doc-3.1.4-15.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-doc-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
        },
        "product_reference": "openssl-3-doc-3.1.4-15.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-50782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-50782",
          "url": "https://www.suse.com/security/cve/CVE-2023-50782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218043 for CVE-2023-50782",
          "url": "https://bugzilla.suse.com/1218043"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-20T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2024-9143",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-9143"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named\ncurves\" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can\u0027t represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates.  Any problematic use-cases would have to be using an \"exotic\"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds.  Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
          "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-9143",
          "url": "https://www.suse.com/security/cve/CVE-2024-9143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231741 for CVE-2024-9143",
          "url": "https://bugzilla.suse.com/1231741"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
            "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-20T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-9143"
    }
  ]
}

SUSE-SU-2024:3757-1

Vulnerability from csaf_suse - Published: 2024-10-25 10:30 - Updated: 2024-10-25 10:30

Summary

Security update for openssl-1_1

Severity

Moderate

Notes

Title of the patch: Security update for openssl-1_1

Description of the patch: This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

Patchnames: SUSE-2024-3757,SUSE-SLE-SERVER-12-SP5-LTSS-2024-3757,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3757

CVE-2023-50782

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.113.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1220262	self
https://www.suse.com/security/cve/CVE-2023-50782/	self
https://www.suse.com/security/cve/CVE-2023-50782	external
https://bugzilla.suse.com/1218043	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl-1_1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-3757,SUSE-SLE-SERVER-12-SP5-LTSS-2024-3757,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3757",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3757-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:3757-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243757-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:3757-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019679.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1220262",
        "url": "https://bugzilla.suse.com/1220262"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-50782 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-50782/"
      }
    ],
    "title": "Security update for openssl-1_1",
    "tracking": {
      "current_release_date": "2024-10-25T10:30:29Z",
      "generator": {
        "date": "2024-10-25T10:30:29Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:3757-1",
      "initial_release_date": "2024-10-25T10:30:29Z",
      "revision_history": [
        {
          "date": "2024-10-25T10:30:29Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.aarch64",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.aarch64",
                  "product_id": "libopenssl-1_1-devel-1.1.1d-2.113.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1d-2.113.1.aarch64",
                "product": {
                  "name": "libopenssl1_1-1.1.1d-2.113.1.aarch64",
                  "product_id": "libopenssl1_1-1.1.1d-2.113.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64",
                  "product_id": "libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1d-2.113.1.aarch64",
                "product": {
                  "name": "openssl-1_1-1.1.1d-2.113.1.aarch64",
                  "product_id": "openssl-1_1-1.1.1d-2.113.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-64bit-1.1.1d-2.113.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl-1_1-devel-64bit-1.1.1d-2.113.1.aarch64_ilp32",
                  "product_id": "libopenssl-1_1-devel-64bit-1.1.1d-2.113.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-64bit-1.1.1d-2.113.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl1_1-64bit-1.1.1d-2.113.1.aarch64_ilp32",
                  "product_id": "libopenssl1_1-64bit-1.1.1d-2.113.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-64bit-1.1.1d-2.113.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl1_1-hmac-64bit-1.1.1d-2.113.1.aarch64_ilp32",
                  "product_id": "libopenssl1_1-hmac-64bit-1.1.1d-2.113.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.i586",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.i586",
                  "product_id": "libopenssl-1_1-devel-1.1.1d-2.113.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1d-2.113.1.i586",
                "product": {
                  "name": "libopenssl1_1-1.1.1d-2.113.1.i586",
                  "product_id": "libopenssl1_1-1.1.1d-2.113.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.i586",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.i586",
                  "product_id": "libopenssl1_1-hmac-1.1.1d-2.113.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1d-2.113.1.i586",
                "product": {
                  "name": "openssl-1_1-1.1.1d-2.113.1.i586",
                  "product_id": "openssl-1_1-1.1.1d-2.113.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-1_1-doc-1.1.1d-2.113.1.noarch",
                "product": {
                  "name": "openssl-1_1-doc-1.1.1d-2.113.1.noarch",
                  "product_id": "openssl-1_1-doc-1.1.1d-2.113.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.ppc64le",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.ppc64le",
                  "product_id": "libopenssl-1_1-devel-1.1.1d-2.113.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1d-2.113.1.ppc64le",
                "product": {
                  "name": "libopenssl1_1-1.1.1d-2.113.1.ppc64le",
                  "product_id": "libopenssl1_1-1.1.1d-2.113.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le",
                  "product_id": "libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1d-2.113.1.ppc64le",
                "product": {
                  "name": "openssl-1_1-1.1.1d-2.113.1.ppc64le",
                  "product_id": "openssl-1_1-1.1.1d-2.113.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.s390",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.s390",
                  "product_id": "libopenssl-1_1-devel-1.1.1d-2.113.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1d-2.113.1.s390",
                "product": {
                  "name": "libopenssl1_1-1.1.1d-2.113.1.s390",
                  "product_id": "libopenssl1_1-1.1.1d-2.113.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390",
                  "product_id": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1d-2.113.1.s390",
                "product": {
                  "name": "openssl-1_1-1.1.1d-2.113.1.s390",
                  "product_id": "openssl-1_1-1.1.1d-2.113.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.s390x",
                  "product_id": "libopenssl-1_1-devel-1.1.1d-2.113.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-32bit-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "libopenssl-1_1-devel-32bit-1.1.1d-2.113.1.s390x",
                  "product_id": "libopenssl-1_1-devel-32bit-1.1.1d-2.113.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "libopenssl1_1-1.1.1d-2.113.1.s390x",
                  "product_id": "libopenssl1_1-1.1.1d-2.113.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.s390x",
                  "product_id": "libopenssl1_1-32bit-1.1.1d-2.113.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390x",
                  "product_id": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x",
                  "product_id": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1d-2.113.1.s390x",
                "product": {
                  "name": "openssl-1_1-1.1.1d-2.113.1.s390x",
                  "product_id": "openssl-1_1-1.1.1d-2.113.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1d-2.113.1.x86_64",
                  "product_id": "libopenssl-1_1-devel-1.1.1d-2.113.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-32bit-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "libopenssl-1_1-devel-32bit-1.1.1d-2.113.1.x86_64",
                  "product_id": "libopenssl-1_1-devel-32bit-1.1.1d-2.113.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-1.1.1d-2.113.1.x86_64",
                  "product_id": "libopenssl1_1-1.1.1d-2.113.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
                  "product_id": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
                  "product_id": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
                  "product_id": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1d-2.113.1.x86_64",
                "product": {
                  "name": "openssl-1_1-1.1.1d-2.113.1.x86_64",
                  "product_id": "openssl-1_1-1.1.1d-2.113.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1d-2.113.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.aarch64"
        },
        "product_reference": "libopenssl1_1-1.1.1d-2.113.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1d-2.113.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-1.1.1d-2.113.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1d-2.113.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.s390x"
        },
        "product_reference": "libopenssl1_1-1.1.1d-2.113.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.s390x"
        },
        "product_reference": "libopenssl1_1-32bit-1.1.1d-2.113.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.s390x"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1d-2.113.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x"
        },
        "product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1d-2.113.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.aarch64"
        },
        "product_reference": "openssl-1_1-1.1.1d-2.113.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1d-2.113.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.ppc64le"
        },
        "product_reference": "openssl-1_1-1.1.1d-2.113.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1d-2.113.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.s390x"
        },
        "product_reference": "openssl-1_1-1.1.1d-2.113.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "openssl-1_1-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1d-2.113.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.113.1.x86_64"
        },
        "product_reference": "openssl-1_1-1.1.1d-2.113.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-50782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.113.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-50782",
          "url": "https://www.suse.com/security/cve/CVE-2023-50782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218043 for CVE-2023-50782",
          "url": "https://bugzilla.suse.com/1218043"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.113.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:openssl-1_1-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libopenssl1_1-hmac-32bit-1.1.1d-2.113.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:openssl-1_1-1.1.1d-2.113.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-25T10:30:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-50782"
    }
  ]
}

SUSE-SU-2024:3765-1

Vulnerability from csaf_suse - Published: 2024-10-29 01:34 - Updated: 2024-10-29 01:34

Summary

Security update for openssl-1_1

Severity

Moderate

Notes

Title of the patch: Security update for openssl-1_1

Description of the patch: This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

Patchnames: SUSE-2024-3765,SUSE-SLE-Micro-5.5-2024-3765,SUSE-SLE-Module-Basesystem-15-SP5-2024-3765,openSUSE-Leap-Micro-5.5-2024-3765,openSUSE-SLE-15.5-2024-3765

CVE-2023-50782

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 66 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1220262	self
https://www.suse.com/security/cve/CVE-2023-50782/	self
https://www.suse.com/security/cve/CVE-2023-50782	external
https://bugzilla.suse.com/1218043	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl-1_1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssl-1_1 fixes the following issues:\n\n- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-3765,SUSE-SLE-Micro-5.5-2024-3765,SUSE-SLE-Module-Basesystem-15-SP5-2024-3765,openSUSE-Leap-Micro-5.5-2024-3765,openSUSE-SLE-15.5-2024-3765",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3765-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:3765-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243765-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:3765-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019685.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1220262",
        "url": "https://bugzilla.suse.com/1220262"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-50782 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-50782/"
      }
    ],
    "title": "Security update for openssl-1_1",
    "tracking": {
      "current_release_date": "2024-10-29T01:34:06Z",
      "generator": {
        "date": "2024-10-29T01:34:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:3765-1",
      "initial_release_date": "2024-10-29T01:34:06Z",
      "revision_history": [
        {
          "date": "2024-10-29T01:34:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
                  "product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
                "product": {
                  "name": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
                  "product_id": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
                  "product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
                "product": {
                  "name": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
                  "product_id": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl-1_1-devel-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32",
                  "product_id": "libopenssl-1_1-devel-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl1_1-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32",
                  "product_id": "libopenssl1_1-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl1_1-hmac-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32",
                  "product_id": "libopenssl1_1-hmac-64bit-1.1.1l-150500.17.37.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.i586",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.i586",
                  "product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1l-150500.17.37.1.i586",
                "product": {
                  "name": "libopenssl1_1-1.1.1l-150500.17.37.1.i586",
                  "product_id": "libopenssl1_1-1.1.1l-150500.17.37.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.i586",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.i586",
                  "product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1l-150500.17.37.1.i586",
                "product": {
                  "name": "openssl-1_1-1.1.1l-150500.17.37.1.i586",
                  "product_id": "openssl-1_1-1.1.1l-150500.17.37.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch",
                "product": {
                  "name": "openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch",
                  "product_id": "openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
                  "product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
                "product": {
                  "name": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
                  "product_id": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
                  "product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
                "product": {
                  "name": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
                  "product_id": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
                  "product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
                "product": {
                  "name": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
                  "product_id": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
                  "product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1l-150500.17.37.1.s390x",
                "product": {
                  "name": "openssl-1_1-1.1.1l-150500.17.37.1.s390x",
                  "product_id": "openssl-1_1-1.1.1l-150500.17.37.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
                "product": {
                  "name": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
                  "product_id": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap Micro 5.5",
                "product": {
                  "name": "openSUSE Leap Micro 5.5",
                  "product_id": "openSUSE Leap Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap Micro 5.5",
          "product_id": "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
        },
        "product_reference": "openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch"
        },
        "product_reference": "openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-50782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
          "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap 15.5:openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch",
          "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
          "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
          "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
          "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-50782",
          "url": "https://www.suse.com/security/cve/CVE-2023-50782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218043 for CVE-2023-50782",
          "url": "https://bugzilla.suse.com/1218043"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch",
            "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-1_1-devel-32bit-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-32bit-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:libopenssl1_1-hmac-32bit-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.ppc64le",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap 15.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap 15.5:openssl-1_1-doc-1.1.1l-150500.17.37.1.noarch",
            "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:libopenssl-1_1-devel-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:libopenssl1_1-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:libopenssl1_1-hmac-1.1.1l-150500.17.37.1.x86_64",
            "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.aarch64",
            "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.s390x",
            "openSUSE Leap Micro 5.5:openssl-1_1-1.1.1l-150500.17.37.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-29T01:34:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-50782"
    }
  ]
}

SUSE-SU-2024:3766-1

Vulnerability from csaf_suse - Published: 2024-10-29 01:34 - Updated: 2024-10-29 01:34

Summary

Security update for openssl-3

Severity

Important

Notes

Title of the patch: Security update for openssl-3

Description of the patch: This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) - CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)

Patchnames: SUSE-2024-3766,SUSE-SLE-Module-Basesystem-15-SP5-2024-3766,openSUSE-SLE-15.5-2024-3766

CVE-2023-50782

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2024-41996

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch	—	Vendor Fix

Threats

Impact important

References

12 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1220262	self
https://bugzilla.suse.com/1230698	self
https://www.suse.com/security/cve/CVE-2023-50782/	self
https://www.suse.com/security/cve/CVE-2024-41996/	self
https://www.suse.com/security/cve/CVE-2023-50782	external
https://bugzilla.suse.com/1218043	external
https://www.suse.com/security/cve/CVE-2024-41996	external
https://bugzilla.suse.com/1229742	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl-3",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)\n- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-3766,SUSE-SLE-Module-Basesystem-15-SP5-2024-3766,openSUSE-SLE-15.5-2024-3766",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3766-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:3766-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243766-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:3766-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019684.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1220262",
        "url": "https://bugzilla.suse.com/1220262"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230698",
        "url": "https://bugzilla.suse.com/1230698"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-50782 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-50782/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-41996 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-41996/"
      }
    ],
    "title": "Security update for openssl-3",
    "tracking": {
      "current_release_date": "2024-10-29T01:34:29Z",
      "generator": {
        "date": "2024-10-29T01:34:29Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:3766-1",
      "initial_release_date": "2024-10-29T01:34:29Z",
      "revision_history": [
        {
          "date": "2024-10-29T01:34:29Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
                  "product_id": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150500.5.48.1.aarch64",
                "product": {
                  "name": "libopenssl3-3.0.8-150500.5.48.1.aarch64",
                  "product_id": "libopenssl3-3.0.8-150500.5.48.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150500.5.48.1.aarch64",
                "product": {
                  "name": "openssl-3-3.0.8-150500.5.48.1.aarch64",
                  "product_id": "openssl-3-3.0.8-150500.5.48.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-64bit-3.0.8-150500.5.48.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl-3-devel-64bit-3.0.8-150500.5.48.1.aarch64_ilp32",
                  "product_id": "libopenssl-3-devel-64bit-3.0.8-150500.5.48.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-64bit-3.0.8-150500.5.48.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl3-64bit-3.0.8-150500.5.48.1.aarch64_ilp32",
                  "product_id": "libopenssl3-64bit-3.0.8-150500.5.48.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.i586",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.i586",
                  "product_id": "libopenssl-3-devel-3.0.8-150500.5.48.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150500.5.48.1.i586",
                "product": {
                  "name": "libopenssl3-3.0.8-150500.5.48.1.i586",
                  "product_id": "libopenssl3-3.0.8-150500.5.48.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150500.5.48.1.i586",
                "product": {
                  "name": "openssl-3-3.0.8-150500.5.48.1.i586",
                  "product_id": "openssl-3-3.0.8-150500.5.48.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-3-doc-3.0.8-150500.5.48.1.noarch",
                "product": {
                  "name": "openssl-3-doc-3.0.8-150500.5.48.1.noarch",
                  "product_id": "openssl-3-doc-3.0.8-150500.5.48.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
                  "product_id": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150500.5.48.1.ppc64le",
                "product": {
                  "name": "libopenssl3-3.0.8-150500.5.48.1.ppc64le",
                  "product_id": "libopenssl3-3.0.8-150500.5.48.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150500.5.48.1.ppc64le",
                "product": {
                  "name": "openssl-3-3.0.8-150500.5.48.1.ppc64le",
                  "product_id": "openssl-3-3.0.8-150500.5.48.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
                  "product_id": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150500.5.48.1.s390x",
                "product": {
                  "name": "libopenssl3-3.0.8-150500.5.48.1.s390x",
                  "product_id": "libopenssl3-3.0.8-150500.5.48.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150500.5.48.1.s390x",
                "product": {
                  "name": "openssl-3-3.0.8-150500.5.48.1.s390x",
                  "product_id": "openssl-3-3.0.8-150500.5.48.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
                  "product_id": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
                "product": {
                  "name": "libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
                  "product_id": "libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150500.5.48.1.x86_64",
                "product": {
                  "name": "libopenssl3-3.0.8-150500.5.48.1.x86_64",
                  "product_id": "libopenssl3-3.0.8-150500.5.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
                "product": {
                  "name": "libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
                  "product_id": "libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150500.5.48.1.x86_64",
                "product": {
                  "name": "openssl-3-3.0.8-150500.5.48.1.x86_64",
                  "product_id": "openssl-3-3.0.8-150500.5.48.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150500.5.48.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "libopenssl3-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150500.5.48.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64"
        },
        "product_reference": "openssl-3-3.0.8-150500.5.48.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-doc-3.0.8-150500.5.48.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
        },
        "product_reference": "openssl-3-doc-3.0.8-150500.5.48.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-50782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-50782",
          "url": "https://www.suse.com/security/cve/CVE-2023-50782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218043 for CVE-2023-50782",
          "url": "https://bugzilla.suse.com/1218043"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-29T01:34:29Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2024-41996",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-41996"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
          "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x",
          "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x",
          "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64",
          "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-41996",
          "url": "https://www.suse.com/security/cve/CVE-2024-41996"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229742 for CVE-2024-41996",
          "url": "https://bugzilla.suse.com/1229742"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.aarch64",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.ppc64le",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.s390x",
            "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.48.1.x86_64",
            "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.48.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-29T01:34:29Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-41996"
    }
  ]
}

SUSE-SU-2024:3871-1

Vulnerability from csaf_suse - Published: 2024-11-01 15:20 - Updated: 2024-11-01 15:20

Summary

Security update for openssl-3

Severity

Important

Notes

Title of the patch: Security update for openssl-3

Patchnames: SUSE-2024-3871,SUSE-SLE-Micro-5.3-2024-3871,SUSE-SLE-Micro-5.4-2024-3871,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3871,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3871,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3871

CVE-2023-50782

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-41996

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 27 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64	—	Vendor Fix

Threats

Impact important

References

12 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1220262	self
https://bugzilla.suse.com/1230698	self
https://www.suse.com/security/cve/CVE-2023-50782/	self
https://www.suse.com/security/cve/CVE-2024-41996/	self
https://www.suse.com/security/cve/CVE-2023-50782	external
https://bugzilla.suse.com/1218043	external
https://www.suse.com/security/cve/CVE-2024-41996	external
https://bugzilla.suse.com/1229742	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl-3",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)\n- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-3871,SUSE-SLE-Micro-5.3-2024-3871,SUSE-SLE-Micro-5.4-2024-3871,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3871,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3871,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3871",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3871-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:3871-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243871-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:3871-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019759.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1220262",
        "url": "https://bugzilla.suse.com/1220262"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230698",
        "url": "https://bugzilla.suse.com/1230698"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-50782 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-50782/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-41996 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-41996/"
      }
    ],
    "title": "Security update for openssl-3",
    "tracking": {
      "current_release_date": "2024-11-01T15:20:04Z",
      "generator": {
        "date": "2024-11-01T15:20:04Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:3871-1",
      "initial_release_date": "2024-11-01T15:20:04Z",
      "revision_history": [
        {
          "date": "2024-11-01T15:20:04Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
                  "product_id": "libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150400.4.69.1.aarch64",
                "product": {
                  "name": "libopenssl3-3.0.8-150400.4.69.1.aarch64",
                  "product_id": "libopenssl3-3.0.8-150400.4.69.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150400.4.69.1.aarch64",
                "product": {
                  "name": "openssl-3-3.0.8-150400.4.69.1.aarch64",
                  "product_id": "openssl-3-3.0.8-150400.4.69.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-64bit-3.0.8-150400.4.69.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl-3-devel-64bit-3.0.8-150400.4.69.1.aarch64_ilp32",
                  "product_id": "libopenssl-3-devel-64bit-3.0.8-150400.4.69.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-64bit-3.0.8-150400.4.69.1.aarch64_ilp32",
                "product": {
                  "name": "libopenssl3-64bit-3.0.8-150400.4.69.1.aarch64_ilp32",
                  "product_id": "libopenssl3-64bit-3.0.8-150400.4.69.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.i586",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.i586",
                  "product_id": "libopenssl-3-devel-3.0.8-150400.4.69.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150400.4.69.1.i586",
                "product": {
                  "name": "libopenssl3-3.0.8-150400.4.69.1.i586",
                  "product_id": "libopenssl3-3.0.8-150400.4.69.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150400.4.69.1.i586",
                "product": {
                  "name": "openssl-3-3.0.8-150400.4.69.1.i586",
                  "product_id": "openssl-3-3.0.8-150400.4.69.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-3-doc-3.0.8-150400.4.69.1.noarch",
                "product": {
                  "name": "openssl-3-doc-3.0.8-150400.4.69.1.noarch",
                  "product_id": "openssl-3-doc-3.0.8-150400.4.69.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
                  "product_id": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150400.4.69.1.ppc64le",
                "product": {
                  "name": "libopenssl3-3.0.8-150400.4.69.1.ppc64le",
                  "product_id": "libopenssl3-3.0.8-150400.4.69.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150400.4.69.1.ppc64le",
                "product": {
                  "name": "openssl-3-3.0.8-150400.4.69.1.ppc64le",
                  "product_id": "openssl-3-3.0.8-150400.4.69.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
                  "product_id": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150400.4.69.1.s390x",
                "product": {
                  "name": "libopenssl3-3.0.8-150400.4.69.1.s390x",
                  "product_id": "libopenssl3-3.0.8-150400.4.69.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150400.4.69.1.s390x",
                "product": {
                  "name": "openssl-3-3.0.8-150400.4.69.1.s390x",
                  "product_id": "openssl-3-3.0.8-150400.4.69.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
                "product": {
                  "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
                  "product_id": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl-3-devel-32bit-3.0.8-150400.4.69.1.x86_64",
                "product": {
                  "name": "libopenssl-3-devel-32bit-3.0.8-150400.4.69.1.x86_64",
                  "product_id": "libopenssl-3-devel-32bit-3.0.8-150400.4.69.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-3.0.8-150400.4.69.1.x86_64",
                "product": {
                  "name": "libopenssl3-3.0.8-150400.4.69.1.x86_64",
                  "product_id": "libopenssl3-3.0.8-150400.4.69.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl3-32bit-3.0.8-150400.4.69.1.x86_64",
                "product": {
                  "name": "libopenssl3-32bit-3.0.8-150400.4.69.1.x86_64",
                  "product_id": "libopenssl3-32bit-3.0.8-150400.4.69.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-3-3.0.8-150400.4.69.1.x86_64",
                "product": {
                  "name": "openssl-3-3.0.8-150400.4.69.1.x86_64",
                  "product_id": "openssl-3-3.0.8-150400.4.69.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.3",
                "product": {
                  "name": "SUSE Manager Server 4.3",
                  "product_id": "SUSE Manager Server 4.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64 as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.ppc64le as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.s390x as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl3-3.0.8-150400.4.69.1.x86_64 as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "libopenssl3-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.ppc64le as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.s390x as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-3.0.8-150400.4.69.1.x86_64 as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
        },
        "product_reference": "openssl-3-3.0.8-150400.4.69.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-50782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-50782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
          "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
          "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x",
          "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-50782",
          "url": "https://www.suse.com/security/cve/CVE-2023-50782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218043 for CVE-2023-50782",
          "url": "https://bugzilla.suse.com/1218043"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-11-01T15:20:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2024-41996",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-41996"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
          "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
          "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
          "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
          "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le",
          "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x",
          "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-41996",
          "url": "https://www.suse.com/security/cve/CVE-2024-41996"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229742 for CVE-2024-41996",
          "url": "https://bugzilla.suse.com/1229742"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:openssl-3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:libopenssl3-3.0.8-150400.4.69.1.x86_64",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.ppc64le",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.s390x",
            "SUSE Manager Server 4.3:openssl-3-3.0.8-150400.4.69.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-11-01T15:20:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-41996"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-50782 (GCVE-0-2023-50782)

Tags

Sightings

Nomenclature