Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-13009 (GCVE-0-2024-13009)
Vulnerability from cvelistv5 – Published: 2025-05-08 17:29 – Updated: 2025-05-08 18:56 Unsupported When Assigned
VLAI
EPSS
Title
Eclipse Jetty GZIP buffer release
Summary
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request
body. This can result in corrupted and/or inadvertent sharing of data between requests.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Jetty |
Affected:
9.4.0 , ≤ 9.4.56
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:32.278977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:39.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jetty",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "9.4.56",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
}
],
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T17:29:31.380Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
},
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Eclipse Jetty GZIP buffer release",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-13009",
"datePublished": "2025-05-08T17:29:31.380Z",
"dateReserved": "2024-12-28T09:11:12.587Z",
"dateUpdated": "2025-05-08T18:56:39.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-13009",
"date": "2026-06-27",
"epss": "0.00432",
"percentile": "0.34573"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-13009\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-05-08T18:15:41.640\",\"lastModified\":\"2025-07-31T16:31:12.697\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[{\"sourceIdentifier\":\"emo@eclipse.org\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\"},{\"lang\":\"es\",\"value\":\"En las versiones 9.4.0 a 9.4.56 de Eclipse Jetty, un b\u00fafer puede liberarse incorrectamente al detectar un error de gzip al inflar el cuerpo de una solicitud. Esto puede provocar que se compartan datos corruptos o inadvertidos entre solicitudes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.57\",\"matchCriteriaId\":\"5E84B2A3-9032-487F-96D2-6E7F94D761B1\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/48\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-13009\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T18:55:32.278977Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T18:55:42.205Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"Eclipse Jetty GZIP buffer release\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Eclipse Foundation\", \"product\": \"Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.56\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/48\"}, {\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"CWE-404 Improper Resource Shutdown or Release\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-05-08T17:29:31.380Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-13009\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T18:56:39.446Z\", \"dateReserved\": \"2024-12-28T09:11:12.587Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-05-08T17:29:31.380Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:12511
Vulnerability from csaf_redhat - Published: 2025-08-01 17:42 - Updated: 2026-06-25 04:23Summary
Red Hat Security Advisory: Streams for Apache Kafka 3.0.0 release and security update
Severity
Important
Notes
Topic: Streams for Apache Kafka 3.0.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat Streams for Apache Kafka 3.0.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] "(CVE-2023-1370)"
* Cruise Control, Drain Cleaner: io.netty:netty-handler: SslHandler doesn't
correctly validate packets which can lead to native crash when using native
SSLEngine Security[amq-st-2] "(CVE-2025-24970)"
* Cruise Control, Drain Cleaner: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] "(CVE-2025-25193)"
Cruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay
attacks when used without encryption Security [amq-st-2] "(CVE-2024-56128)"
* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] "(CVE-2024-31141)"
* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption
Security[amq-st-2]"(CVE-2024-13009)"
* Cruise Control: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] "(CVE-2024-6763)"
* Cruise Control: commons-beanutils: Apache Commons BeanUtils:
PropertyUtilsBean does not suppresses an enum's declaredClass property by
default Security [amq-st-2] "(CVE-2025-48734)"
* Cruise Control, Kafka, Drain Cleaner, Console: commons-lang-library:
Uncontrolled recursion flaw in Apache Commons Lang library [amq-st-2] "(CVE-2025-48924)"
* Opetator, Bridge: io.quarkus:quarkus-vertx package: data leak vulnerability has been discovered in the io.quarkus: quarkus-vertx package[amq-st-2] "(CVE-2025-49574)"
* Kafka, Operator, Bridge, Cruise Control, Bridge: Connect2id Nimbus JOSE + JWT: Denial of service flaw [amq-st-2] "(CVE-2025-53864)"
* Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout [amq-st-2] "(CVE-2025-1634)"
* Drain Cleaner: netty: Denial of Service attack on windows app using Netty[amq-st-2] "(CVE-2024-47535)"
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.
CWE-1286 - Improper Validation of Syntactic Correctness of InputAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.
7.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.
CWE-674 - Uncontrolled RecursionAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.
6.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set.
5.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 3.0.0
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:3.0::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
101 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 3.0.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 3.0.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] \"(CVE-2023-1370)\"\n* Cruise Control, Drain Cleaner: io.netty:netty-handler: SslHandler doesn\u0027t\ncorrectly validate packets which can lead to native crash when using native\nSSLEngine Security[amq-st-2] \"(CVE-2025-24970)\"\n* Cruise Control, Drain Cleaner: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] \"(CVE-2025-25193)\"\nCruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay\nattacks when used without encryption Security [amq-st-2] \"(CVE-2024-56128)\"\n* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] \"(CVE-2024-31141)\"\n* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption\nSecurity[amq-st-2]\"(CVE-2024-13009)\"\n* Cruise Control: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] \"(CVE-2024-6763)\"\n* Cruise Control: commons-beanutils: Apache Commons BeanUtils:\nPropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by\ndefault Security [amq-st-2] \"(CVE-2025-48734)\"\n* Cruise Control, Kafka, Drain Cleaner, Console: commons-lang-library: \nUncontrolled recursion flaw in Apache Commons Lang library [amq-st-2] \"(CVE-2025-48924)\"\n* Opetator, Bridge: io.quarkus:quarkus-vertx package: data leak vulnerability has been discovered in the io.quarkus: quarkus-vertx package[amq-st-2] \"(CVE-2025-49574)\"\n* Kafka, Operator, Bridge, Cruise Control, Bridge: Connect2id Nimbus JOSE + JWT: Denial of service flaw [amq-st-2] \"(CVE-2025-53864)\"\n* Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout [amq-st-2] \"(CVE-2025-1634)\"\n* Drain Cleaner: netty: Denial of Service attack on windows app using Netty[amq-st-2] \"(CVE-2024-47535)\"",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12511",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "2379485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379485"
},
{
"category": "external",
"summary": "2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "ENTMQST-6772",
"url": "https://issues.redhat.com/browse/ENTMQST-6772"
},
{
"category": "external",
"summary": "ENTMQST-6773",
"url": "https://issues.redhat.com/browse/ENTMQST-6773"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12511.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 3.0.0 release and security update",
"tracking": {
"current_release_date": "2026-06-25T04:23:55+00:00",
"generator": {
"date": "2026-06-25T04:23:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:12511",
"initial_release_date": "2025-08-01T17:42:40+00:00",
"revision_history": [
{
"date": "2025-08-01T17:42:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-01T17:42:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T04:23:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 3.0.0",
"product": {
"name": "Streams for Apache Kafka 3.0.0",
"product_id": "Streams for Apache Kafka 3.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2024-10-14T16:00:54.963689+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For this attack to work, you would require the victim to have a vulnerable browser on top of that the URI being used after insufficient validation, all of which makes this a low-severity flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "RHBZ#2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/pull/12012",
"url": "https://github.com/jetty/jetty.project/pull/12012"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
}
],
"release_date": "2024-10-14T15:06:07.298000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2024-31141",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2024-11-19T09:00:35.857468+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2327264"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31141"
},
{
"category": "external",
"summary": "RHBZ#2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv",
"url": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv"
}
],
"release_date": "2024-11-19T08:40:50.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider"
},
{
"cve": "CVE-2024-47535",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-11-12T16:01:18.772613+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2325538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47535"
},
{
"category": "external",
"summary": "RHBZ#2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
}
],
"release_date": "2024-11-12T15:50:08.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2024-12-18T14:00:43.732728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka\u0027s implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka\u0027s SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked with an Important severity because it compromises a fundamental security requirement of the SCRAM protocol as specified in RFC 5802 \u2014the validation of nonces for ensuring message integrity and preventing replay attacks. Without proper nonce validation, an attacker with plaintext access to the SCRAM authentication exchange could manipulate or replay parts of the authentication process, potentially gaining unauthorized access or disrupting the integrity of authentication. While the use of plaintext communication for SCRAM is discouraged, many legacy systems or misconfigured deployments may still rely on it, making them directly susceptible.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56128"
},
{
"category": "external",
"summary": "RHBZ#2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802",
"url": "https://datatracker.ietf.org/doc/html/rfc5802"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802#section-9",
"url": "https://datatracker.ietf.org/doc/html/rfc5802#section-9"
},
{
"category": "external",
"summary": "https://kafka.apache.org/documentation/#security_sasl_scram_security",
"url": "https://kafka.apache.org/documentation/#security_sasl_scram_security"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw",
"url": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw"
}
],
"release_date": "2024-12-18T13:38:03.068000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption"
},
{
"cve": "CVE-2025-1634",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-02-24T14:17:31.237000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as and Important severity rather than Moderate because it allows an unauthenticated attacker to trigger a denial of service condition by repeatedly sending crafted HTTP requests with low timeouts. The issue leads to a memory leak that cannot be recovered without restarting the application, ultimately resulting in an OutOfMemoryError and complete service failure.\n\nIn a production environment, this vulnerability poses a significant risk to availability, especially for applications handling multiple concurrent requests. Since no mitigation exists, all applications using quarkus-resteasy are affected until patched. The ease of exploitation, lack of required privileges, and high impact on service uptime justify the high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1634"
},
{
"category": "external",
"summary": "RHBZ#2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/46412",
"url": "https://github.com/quarkusio/quarkus/issues/46412"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/pull/46419",
"url": "https://github.com/quarkusio/quarkus/pull/46419"
}
],
"release_date": "2025-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-02-10T23:00:54.794769+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects Windows environments, therefore, this would affect an environment when running a supported Red Hat JBoss EAP 7 or 8, for example, if running on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25193"
},
{
"category": "external",
"summary": "RHBZ#2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386",
"url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx",
"url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
}
],
"release_date": "2025-02-10T22:02:17.197000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-07-11T15:01:08.754489+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379554"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48924"
},
{
"category": "external",
"summary": "RHBZ#2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1",
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
}
],
"release_date": "2025-07-11T14:56:58.049000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang"
},
{
"cve": "CVE-2025-49574",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"discovery_date": "2025-06-23T20:00:57.216622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374376"
}
],
"notes": [
{
"category": "description",
"text": "A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx: Quarkus potential data leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49574"
},
{
"category": "external",
"summary": "RHBZ#2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1",
"url": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/48227",
"url": "https://github.com/quarkusio/quarkus/issues/48227"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4"
}
],
"release_date": "2025-06-23T19:47:05.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.quarkus/quarkus-vertx: Quarkus potential data leak"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-07-11T03:00:49.299379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379485"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.0.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53864"
},
{
"category": "external",
"summary": "RHBZ#2379485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"category": "external",
"summary": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
},
{
"category": "external",
"summary": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b",
"url": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b"
},
{
"category": "external",
"summary": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0",
"url": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-01T17:42:40+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.0.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT"
}
]
}
RHSA-2025:15643
Vulnerability from csaf_redhat - Published: 2025-09-10 15:05 - Updated: 2026-06-25 11:09Summary
Red Hat Security Advisory: Satellite 6.15.5.4 Async Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Satellite 6.15 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.src | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-0:6.15.5.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-0:6.15.5.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.15:satellite-cli-0:6.15.5.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.15:satellite-common-0:6.15.5.4-1.el8sat.noarch | — |
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Satellite 6.15 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity Fix(es):\n\n* Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)\n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15643",
"url": "https://access.redhat.com/errata/RHSA-2025:15643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15643.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.15.5.4 Async Update",
"tracking": {
"current_release_date": "2026-06-25T11:09:20+00:00",
"generator": {
"date": "2026-06-25T11:09:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.1.0"
}
},
"id": "RHSA-2025:15643",
"initial_release_date": "2025-09-10T15:05:57+00:00",
"revision_history": [
{
"date": "2025-09-10T15:05:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-10T15:05:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T11:09:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "puppetserver-0:7.17.3.1-1.el8sat.src",
"product": {
"name": "puppetserver-0:7.17.3.1-1.el8sat.src",
"product_id": "puppetserver-0:7.17.3.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppetserver@7.17.3.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.5.4-1.el8sat.src",
"product": {
"name": "satellite-0:6.15.5.4-1.el8sat.src",
"product_id": "satellite-0:6.15.5.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.5.4-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "puppetserver-0:7.17.3.1-1.el8sat.noarch",
"product": {
"name": "puppetserver-0:7.17.3.1-1.el8sat.noarch",
"product_id": "puppetserver-0:7.17.3.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppetserver@7.17.3.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.5.4-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.15.5.4-1.el8sat.noarch",
"product_id": "satellite-0:6.15.5.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.5.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.15.5.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.15.5.4-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.15.5.4-1.el8sat.noarch",
"product_id": "satellite-common-0:6.15.5.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.15.5.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.15.5.4-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.17.3.1-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.noarch"
},
"product_reference": "puppetserver-0:7.17.3.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.17.3.1-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.src"
},
"product_reference": "puppetserver-0:7.17.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.4-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-0:6.15.5.4-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.5.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.5.4-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.4-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.5.4-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.4-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.5.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.4-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-0:6.15.5.4-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.5.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.5.4-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.4-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.17.3.1-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.noarch"
},
"product_reference": "puppetserver-0:7.17.3.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppetserver-0:7.17.3.1-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.src"
},
"product_reference": "puppetserver-0:7.17.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.4-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.5.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.5.4-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.5.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.5.4-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-cli-0:6.15.5.4-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.5.4-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-common-0:6.15.5.4-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.5.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.4-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.src",
"8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.noarch",
"8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.4-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-10T15:05:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.src",
"8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.noarch",
"8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15643"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:puppetserver-0:7.17.3.1-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.noarch",
"8Base-satellite-6.15:puppetserver-0:7.17.3.1-1.el8sat.src",
"8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.5.4-1.el8sat.src",
"8Base-satellite-6.15:satellite-cli-0:6.15.5.4-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.5.4-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
}
]
}
RHSA-2025:9697
Vulnerability from csaf_redhat - Published: 2025-06-25 19:47 - Updated: 2026-06-25 04:25Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.
Severity
Important
Notes
Topic: Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734)
* postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.
7.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_spring_boot:4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default (CVE-2025-48734)\n\n* postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9697",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9697.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.",
"tracking": {
"current_release_date": "2026-06-25T04:25:03+00:00",
"generator": {
"date": "2026-06-25T04:25:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:9697",
"initial_release_date": "2025-06-25T19:47:43+00:00",
"revision_history": [
{
"date": "2025-06-25T19:47:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T19:47:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T04:25:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product": {
"name": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product_id": "Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
},
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-06-11T15:01:33.735376+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372307"
}
],
"notes": [
{
"category": "description",
"text": "A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves in the middle of a connection and intercept the connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pgjdbc: pgjdbc insecure authentication in channel binding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49146"
},
{
"category": "external",
"summary": "RHBZ#2372307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0",
"url": "https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54"
}
],
"release_date": "2025-06-11T14:32:39.348000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T19:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.3 for Spring Boot 3.4.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pgjdbc: pgjdbc insecure authentication in channel binding"
}
]
}
RHSA-2025:9922
Vulnerability from csaf_redhat - Published: 2025-06-30 13:16 - Updated: 2026-06-25 04:25Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.9.1 release and security update
Severity
Important
Notes
Topic: Streams for Apache Kafka 2.9.1 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat Streams for Apache Kafka 2.9.1serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] "(CVE-2023-1370)"
* Cruise Control, Bridge, Kafka: o.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Security[amq-st-2] "(CVE-2025-24970)"
* Cruise Control, Bridge, Kafka: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] "(CVE-2025-25193)"
* Cruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Security [amq-st-2] "(CVE-2024-56128)"
* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption Security[amq-st-2]"(CVE-2024-13009)"
* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] "(CVE-2024-31141)"
* Cruise Control, Oerator, Kafka: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] "(CVE-2024-6763)"
* Zookeeper: netty: Denial of Service attack on windows app using Netty
Security [amq-st-2] "(CVE-2024-47535)"
* Zookeeper, Kafka: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Security [amq-st-2] "(CVE-2025-48734)"
* Bridge: org.apache.kafka: Kafka Client Arbitrary File Read SSRF Security [amq-st-2]"(CVE-2025-27817)"
* Bridge, Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout Security "(CVE-2025-1634)"
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.
CWE-1286 - Improper Validation of Syntactic Correctness of InputAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.
7.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently, this can allow an attacker to read arbitrary files on the Kafka broker or initiate requests to internal or external resources.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.1
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
83 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 2.9.1 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 2.9.1serves as a replacement for Red Hat Streams for Apache Kafka 2.9.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Cruise Control: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) Security [amq-st-2] \"(CVE-2023-1370)\"\n* Cruise Control, Bridge, Kafka: o.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine Security[amq-st-2] \"(CVE-2025-24970)\"\n* Cruise Control, Bridge, Kafka: netty: Denial of Service attack on windows app using Netty Security [amq-st-2] \"(CVE-2025-25193)\"\n* Cruise Control: kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Security [amq-st-2] \"(CVE-2024-56128)\"\n* Cruise Control, Operator: Jetty: Gzip Request Body Buffer Corruption Security[amq-st-2]\"(CVE-2024-13009)\"\n* Cruise Control: kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider Security [amq-st-2] \"(CVE-2024-31141)\"\n* Cruise Control, Oerator, Kafka: org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority Security [amq-st-2] \"(CVE-2024-6763)\"\n* Zookeeper: netty: Denial of Service attack on windows app using Netty \n Security [amq-st-2] \"(CVE-2024-47535)\"\n* Zookeeper, Kafka: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default Security [amq-st-2] \"(CVE-2025-48734)\"\n* Bridge: org.apache.kafka: Kafka Client Arbitrary File Read SSRF Security [amq-st-2]\"(CVE-2025-27817)\"\n* Bridge, Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout Security \"(CVE-2025-1634)\"",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9922",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2371367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371367"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9922.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 2.9.1 release and security update",
"tracking": {
"current_release_date": "2026-06-25T04:25:07+00:00",
"generator": {
"date": "2026-06-25T04:25:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:9922",
"initial_release_date": "2025-06-30T13:16:39+00:00",
"revision_history": [
{
"date": "2025-06-30T13:16:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-30T13:16:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T04:25:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 2.9.1",
"product": {
"name": "Streams for Apache Kafka 2.9.1",
"product_id": "Streams for Apache Kafka 2.9.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2.9::el9"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2024-10-14T16:00:54.963689+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318563"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or an SSRF attack if the URI is used after passing validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For this attack to work, you would require the victim to have a vulnerable browser on top of that the URI being used after insufficient validation, all of which makes this a low-severity flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "RHBZ#2318563",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318563"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/pull/12012",
"url": "https://github.com/jetty/jetty.project/pull/12012"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
}
],
"release_date": "2024-10-14T15:06:07.298000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-05-08T18:00:47.047186+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data from a previous request when processing the current one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Jetty: Gzip Request Body Buffer Corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because a buffer management vulnerability exists within the GzipHandler\u0027s buffer release mechanism when encountering gzip errors during request body inflation, this flaw can lead to the incorrect release and subsequent inadvertent sharing and corruption of request body data between concurrent uncompressed requests, results in data exposure and incorrect processing of requests due to corrupted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "RHBZ#2365135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"release_date": "2025-05-08T17:29:31.380000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-server: Jetty: Gzip Request Body Buffer Corruption"
},
{
"cve": "CVE-2024-31141",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2024-11-19T09:00:35.857468+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2327264"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31141"
},
{
"category": "external",
"summary": "RHBZ#2327264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327264"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv",
"url": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv"
}
],
"release_date": "2024-11-19T08:40:50.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider"
},
{
"cve": "CVE-2024-47535",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-11-12T16:01:18.772613+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2325538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47535"
},
{
"category": "external",
"summary": "RHBZ#2325538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
"url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
}
],
"release_date": "2024-11-12T15:50:08.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2024-12-18T14:00:43.732728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka\u0027s implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka\u0027s SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked with an Important severity because it compromises a fundamental security requirement of the SCRAM protocol as specified in RFC 5802 \u2014the validation of nonces for ensuring message integrity and preventing replay attacks. Without proper nonce validation, an attacker with plaintext access to the SCRAM authentication exchange could manipulate or replay parts of the authentication process, potentially gaining unauthorized access or disrupting the integrity of authentication. While the use of plaintext communication for SCRAM is discouraged, many legacy systems or misconfigured deployments may still rely on it, making them directly susceptible.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56128"
},
{
"category": "external",
"summary": "RHBZ#2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802",
"url": "https://datatracker.ietf.org/doc/html/rfc5802"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802#section-9",
"url": "https://datatracker.ietf.org/doc/html/rfc5802#section-9"
},
{
"category": "external",
"summary": "https://kafka.apache.org/documentation/#security_sasl_scram_security",
"url": "https://kafka.apache.org/documentation/#security_sasl_scram_security"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw",
"url": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw"
}
],
"release_date": "2024-12-18T13:38:03.068000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption"
},
{
"cve": "CVE-2025-1634",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-02-24T14:17:31.237000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as and Important severity rather than Moderate because it allows an unauthenticated attacker to trigger a denial of service condition by repeatedly sending crafted HTTP requests with low timeouts. The issue leads to a memory leak that cannot be recovered without restarting the application, ultimately resulting in an OutOfMemoryError and complete service failure.\n\nIn a production environment, this vulnerability poses a significant risk to availability, especially for applications handling multiple concurrent requests. Since no mitigation exists, all applications using quarkus-resteasy are affected until patched. The ease of exploitation, lack of required privileges, and high impact on service uptime justify the high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1634"
},
{
"category": "external",
"summary": "RHBZ#2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/46412",
"url": "https://github.com/quarkusio/quarkus/issues/46412"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/pull/46419",
"url": "https://github.com/quarkusio/quarkus/pull/46419"
}
],
"release_date": "2025-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-02-10T23:00:54.794769+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Denial of Service attack on windows app using Netty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects Windows environments, therefore, this would affect an environment when running a supported Red Hat JBoss EAP 7 or 8, for example, if running on Windows.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25193"
},
{
"category": "external",
"summary": "RHBZ#2344788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386",
"url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx",
"url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
}
],
"release_date": "2025-02-10T22:02:17.197000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Denial of Service attack on windows app using Netty"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-06-10T08:00:46.717358+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently, this can allow an attacker to read arbitrary files on the Kafka broker or initiate requests to internal or external resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.kafka: Kafka Client Arbitrary File Read SSRF",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27817"
},
{
"category": "external",
"summary": "RHBZ#2371367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27817"
},
{
"category": "external",
"summary": "https://kafka.apache.org/cve-list",
"url": "https://kafka.apache.org/cve-list"
}
],
"release_date": "2025-06-10T07:55:14.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "workaround",
"details": "To mitigate this flaw, explicitly set the allowed urls in SASL JAAS configuration using the system property \"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\".",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.kafka: Kafka Client Arbitrary File Read SSRF"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-30T13:16:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
SUSE-SU-2025:01738-1
Vulnerability from csaf_suse - Published: 2025-05-29 09:37 - Updated: 2025-05-29 09:37Summary
Security update for jetty-minimal
Severity
Important
Notes
Title of the patch: Security update for jetty-minimal
Description of the patch: This update for jetty-minimal fixes the following issues:
Upgrade to version 9.4.57.v20241219
- CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652)
- CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271)
Patchnames: SUSE-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP6-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP7-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1738,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1738,SUSE-Storage-7.1-2025-1738,openSUSE-SLE-15.6-2025-1738
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
129 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
129 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgrade to version 9.4.57.v20241219\n\n- CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652)\n- CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP6-2025-1738,SUSE-SLE-Module-Development-Tools-15-SP7-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1738,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1738,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1738,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1738,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1738,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1738,SUSE-Storage-7.1-2025-1738,openSUSE-SLE-15.6-2025-1738",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01738-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01738-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501738-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01738-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039393.html"
},
{
"category": "self",
"summary": "SUSE Bug 1231652",
"url": "https://bugzilla.suse.com/1231652"
},
{
"category": "self",
"summary": "SUSE Bug 1243271",
"url": "https://bugzilla.suse.com/1243271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6763/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-05-29T09:37:57Z",
"generator": {
"date": "2025-05-29T09:37:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01738-1",
"initial_release_date": "2025-05-29T09:37:57Z",
"revision_history": [
{
"date": "2025-05-29T09:37:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-annotations-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-annotations-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-ant-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-ant-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-cdi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-cdi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-client-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-client-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-continuation-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-deploy-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-deploy-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-fcgi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-http-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-http-spi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-io-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jaas-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jaas-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jmx-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jmx-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jndi-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jndi-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-jsp-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-jsp-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-openid-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-openid-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-plus-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-plus-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-project-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-project-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-proxy-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-proxy-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-quickstart-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-rewrite-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-security-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-server-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-servlet-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-servlets-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-servlets-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-start-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-start-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-util-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-webapp-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-webapp-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-api-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-client-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-common-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-server-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.57-150200.3.31.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-150200.3.31.1.noarch",
"product": {
"name": "jetty-xml-9.4.57-150200.3.31.1.noarch",
"product_id": "jetty-xml-9.4.57-150200.3.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-annotations-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-ant-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-cdi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-client-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-continuation-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-deploy-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-io-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jaas-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jmx-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jndi-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-jsp-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-openid-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-plus-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-proxy-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-security-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-server-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlet-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-servlets-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-start-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-webapp-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-150200.3.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
},
"product_reference": "jetty-xml-9.4.57-150200.3.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13009"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13009",
"url": "https://www.suse.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "SUSE Bug 1243271 for CVE-2024-13009",
"url": "https://bugzilla.suse.com/1243271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T09:37:57Z",
"details": "important"
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-6763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6763"
}
],
"notes": [
{
"category": "general",
"text": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6763",
"url": "https://www.suse.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "SUSE Bug 1231652 for CVE-2024-6763",
"url": "https://bugzilla.suse.com/1231652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.57-150200.3.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.57-150200.3.31.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.57-150200.3.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T09:37:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-6763"
}
]
}
WID-SEC-W-2025-0987
Vulnerability from csaf_certbund - Published: 2025-05-08 22:00 - Updated: 2025-12-07 23:00Summary
Eclipse Jetty: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um Daten zu manipulieren oder einen Denial-of-Service auszulösen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
RealObjects PDFreactor <12.2
RealObjects / PDFreactor
|
<12.2 | ||
|
IBM Sterling Connect:Direct <6.3.0.6
IBM / Sterling Connect:Direct
|
<6.3.0.6 | ||
|
Atlassian Bamboo <10.2.6 (LTS)
Atlassian / Bamboo
|
<10.2.6 (LTS) | ||
|
Eclipse Jetty <9.4.57
Eclipse / Jetty
|
<9.4.57 | ||
|
Atlassian Bamboo <11.0.3
Atlassian / Bamboo
|
<11.0.3 | ||
|
Red Hat OpenShift Developer Tools and Services 4.16
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.16
|
Developer Tools and Services 4.16 | |
|
Atlassian Bamboo <9.6.15 (LTS)
Atlassian / Bamboo
|
<9.6.15 (LTS) | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Red Hat OpenShift Developer Tools and Services 4.18
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.18
|
Developer Tools and Services 4.18 | |
|
Red Hat OpenShift Developer Tools and Services 4.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.17
|
Developer Tools and Services 4.17 | |
|
SolarWinds Platform <2025.4.1
SolarWinds / Platform
|
<2025.4.1 | ||
|
IBM Sterling Connect:Direct <6.4.0.3_iFix007
IBM / Sterling Connect:Direct
|
<6.4.0.3_iFix007 | ||
|
IBM Sterling Connect:Direct <6.3.0.6_iFix006
IBM / Sterling Connect:Direct
|
<6.3.0.6_iFix006 | ||
|
Red Hat Integration Camel for Spring Boot 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_for_spring_boot_1
|
Camel for Spring Boot 1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Sterling Connect:Direct <6.4.0.3
IBM / Sterling Connect:Direct
|
<6.4.0.3 | ||
|
IBM Tivoli Netcool/OMNIbus
IBM
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:-
|
— | |
|
Red Hat OpenShift Developer Tools and Services 4.15
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.15
|
Developer Tools and Services 4.15 | |
|
Red Hat OpenShift Developer Tools and Services 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.12
|
Developer Tools and Services 4.12 | |
|
IBM Storage Scale <5.2.3.4
IBM / Storage Scale
|
<5.2.3.4 | ||
|
Red Hat OpenShift Developer Tools and Services 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.13
|
Developer Tools and Services 4.13 |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Developer Tools and Services 4.14
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.14
|
Developer Tools and Services 4.14 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
RealObjects PDFreactor <12.2
RealObjects / PDFreactor
|
<12.2 | ||
|
IBM Sterling Connect:Direct <6.3.0.6
IBM / Sterling Connect:Direct
|
<6.3.0.6 | ||
|
Atlassian Bamboo <10.2.6 (LTS)
Atlassian / Bamboo
|
<10.2.6 (LTS) | ||
|
Atlassian Bamboo <11.0.3
Atlassian / Bamboo
|
<11.0.3 | ||
|
Red Hat OpenShift Developer Tools and Services 4.16
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.16
|
Developer Tools and Services 4.16 | |
|
Eclipse Jetty <12.0.17
Eclipse / Jetty
|
<12.0.17 | ||
|
Atlassian Bamboo <9.6.15 (LTS)
Atlassian / Bamboo
|
<9.6.15 (LTS) | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Red Hat OpenShift Developer Tools and Services 4.18
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.18
|
Developer Tools and Services 4.18 | |
|
Red Hat OpenShift Developer Tools and Services 4.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.17
|
Developer Tools and Services 4.17 | |
|
SolarWinds Platform <2025.4.1
SolarWinds / Platform
|
<2025.4.1 | ||
|
IBM Sterling Connect:Direct <6.4.0.3_iFix007
IBM / Sterling Connect:Direct
|
<6.4.0.3_iFix007 | ||
|
IBM Sterling Connect:Direct <6.3.0.6_iFix006
IBM / Sterling Connect:Direct
|
<6.3.0.6_iFix006 | ||
|
Red Hat Integration Camel for Spring Boot 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_for_spring_boot_1
|
Camel for Spring Boot 1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
IBM Sterling Connect:Direct <6.4.0.3
IBM / Sterling Connect:Direct
|
<6.4.0.3 | ||
|
IBM Tivoli Netcool/OMNIbus
IBM
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:-
|
— | |
|
Red Hat OpenShift Developer Tools and Services 4.15
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.15
|
Developer Tools and Services 4.15 | |
|
Red Hat OpenShift Developer Tools and Services 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.12
|
Developer Tools and Services 4.12 | |
|
IBM Storage Scale <5.2.3.4
IBM / Storage Scale
|
<5.2.3.4 | ||
|
Red Hat OpenShift Developer Tools and Services 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.13
|
Developer Tools and Services 4.13 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um Daten zu manipulieren oder einen Denial-of-Service auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0987 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0987.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0987 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0987"
},
{
"category": "external",
"summary": "jetty-announce vom 2025-05-08",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00197.html"
},
{
"category": "external",
"summary": "jetty GitHub vom 2025-05-08",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "jetty-announce vom 2025-05-08",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00198.html"
},
{
"category": "external",
"summary": "jetty GitHub vom 2025-05-08",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7696 vom 2025-05-15",
"url": "https://access.redhat.com/errata/RHSA-2025:7696"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15160-1 vom 2025-05-27",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01738-1 vom 2025-05-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ULIFKC3HN46CWW5I3UU5DGUJKMLM6UC/"
},
{
"category": "external",
"summary": "PDFreactor 12.2 release notes vom 2025-06-17",
"url": "https://www.pdfreactor.com/pdfreactor-12-2-now-available/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9697 vom 2025-06-26",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9922 vom 2025-06-30",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10118 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10097 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10098 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10120 vom 2025-07-02",
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10092 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10104 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10119 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - July 15 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-july-15-2025-1590658642.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12511 vom 2025-08-03",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13274 vom 2025-08-06",
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15643 vom 2025-09-10",
"url": "https://access.redhat.com/errata/RHSA-2025:15643"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-126 vom 2025-09-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-126/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7246921 vom 2025-10-01",
"url": "https://www.ibm.com/support/pages/node/7246921"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7246867 vom 2025-10-01",
"url": "https://www.ibm.com/support/pages/node/7246867"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248973 vom 2025-10-23",
"url": "https://www.ibm.com/support/pages/node/7248973"
},
{
"category": "external",
"summary": "SolarWinds Platform 2025.4.1 release notes vom 2025-11-18",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-4-1_release_notes.htm"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252914 vom 2025-11-27",
"url": "https://www.ibm.com/support/pages/node/7252914"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253912 vom 2025-12-05",
"url": "https://www.ibm.com/support/pages/node/7253912"
}
],
"source_lang": "en-US",
"title": "Eclipse Jetty: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-07T23:00:00.000+00:00",
"generator": {
"date": "2025-12-08T07:50:51.392+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-0987",
"initial_release_date": "2025-05-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-01T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-23T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-17T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-11-27T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.3",
"product": {
"name": "Atlassian Bamboo \u003c11.0.3",
"product_id": "T045447"
}
},
{
"category": "product_version",
"name": "11.0.3",
"product": {
"name": "Atlassian Bamboo 11.0.3",
"product_id": "T045447-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:11.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c10.2.6 (LTS)",
"product_id": "T045448"
}
},
{
"category": "product_version",
"name": "10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo 10.2.6 (LTS)",
"product_id": "T045448-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.6_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.6.15 (LTS)",
"product_id": "T045449"
}
},
{
"category": "product_version",
"name": "9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.6.15 (LTS)",
"product_id": "T045449-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.15_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.57",
"product": {
"name": "Eclipse Jetty \u003c9.4.57",
"product_id": "T043523"
}
},
{
"category": "product_version",
"name": "9.4.57",
"product": {
"name": "Eclipse Jetty 9.4.57",
"product_id": "T043523-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.57"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.17",
"product": {
"name": "Eclipse Jetty \u003c12.0.17",
"product_id": "T043524"
}
},
{
"category": "product_version",
"name": "12.0.17",
"product": {
"name": "Eclipse Jetty 12.0.17",
"product_id": "T043524-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.0.17"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.0.6",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.3.0.6",
"product_id": "T047329"
}
},
{
"category": "product_version",
"name": "6.3.0.6",
"product": {
"name": "IBM Sterling Connect:Direct 6.3.0.6",
"product_id": "T047329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.0.3",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.4.0.3",
"product_id": "T047332"
}
},
{
"category": "product_version",
"name": "6.4.0.3",
"product": {
"name": "IBM Sterling Connect:Direct 6.4.0.3",
"product_id": "T047332-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.4.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.3.0.6_iFix006",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.3.0.6_iFix006",
"product_id": "T047345"
}
},
{
"category": "product_version",
"name": "6.3.0.6_iFix006",
"product": {
"name": "IBM Sterling Connect:Direct 6.3.0.6_iFix006",
"product_id": "T047345-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0.6_ifix006"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.0.3_iFix007",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.4.0.3_iFix007",
"product_id": "T047346"
}
},
{
"category": "product_version",
"name": "6.4.0.3_iFix007",
"product": {
"name": "IBM Sterling Connect:Direct 6.4.0.3_iFix007",
"product_id": "T047346-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.4.0.3_ifix007"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.3.4",
"product": {
"name": "IBM Storage Scale \u003c5.2.3.4",
"product_id": "T048104"
}
},
{
"category": "product_version",
"name": "5.2.3.4",
"product": {
"name": "IBM Storage Scale 5.2.3.4",
"product_id": "T048104-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.4"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
},
{
"category": "product_name",
"name": "IBM Tivoli Netcool/OMNIbus",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus",
"product_id": "T004181",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.2",
"product": {
"name": "RealObjects PDFreactor \u003c12.2",
"product_id": "T044675"
}
},
{
"category": "product_version",
"name": "12.2",
"product": {
"name": "RealObjects PDFreactor 12.2",
"product_id": "T044675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.2"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Camel for Spring Boot 1",
"product": {
"name": "Red Hat Integration Camel for Spring Boot 1",
"product_id": "T035240",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_for_spring_boot_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version",
"name": "Developer Tools and Services 4.14",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.14",
"product_id": "T031233",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.14"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.16",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.16",
"product_id": "T044977",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.16"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.17",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.17",
"product_id": "T044978",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.17"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.18",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.18",
"product_id": "T044979",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.18"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.15",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.15",
"product_id": "T044980",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.15"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.13",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.13",
"product_id": "T044981",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.13"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.12",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.12",
"product_id": "T044982",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.12"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2025.4.1",
"product": {
"name": "SolarWinds Platform \u003c2025.4.1",
"product_id": "T048650"
}
},
{
"category": "product_version",
"name": "2025.4.1",
"product": {
"name": "SolarWinds Platform 2025.4.1",
"product_id": "T048650-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_platform:2025.4.1"
}
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T031233",
"67646",
"T038840",
"T044675",
"T047329",
"T045448",
"T043523",
"T045447",
"T044977",
"T045449",
"T021415",
"T044979",
"T044978",
"T048650",
"T047346",
"T047345",
"T035240",
"T002207",
"T027843",
"T047332",
"T004181",
"T044980",
"T044982",
"T048104",
"T044981"
]
},
"release_date": "2025-05-08T22:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-1948",
"product_status": {
"known_affected": [
"T031233",
"67646",
"T038840",
"T044675",
"T047329",
"T045448",
"T045447",
"T044977",
"T043524",
"T045449",
"T021415",
"T044979",
"T044978",
"T048650",
"T047346",
"T047345",
"T035240",
"T002207",
"T027843",
"T047332",
"T004181",
"T044980",
"T044982",
"T048104",
"T044981"
]
},
"release_date": "2025-05-08T22:00:00.000+00:00",
"title": "CVE-2025-1948"
}
]
}
WID-SEC-W-2025-1989
Vulnerability from csaf_certbund - Published: 2025-09-08 22:00 - Updated: 2025-09-23 22:00Summary
SAP Patchday September 2025: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um sich erweiterte Berechtigungen zu verschaffen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere nicht näher spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um sich erweiterte Berechtigungen zu verschaffen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1989 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1989.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1989 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1989"
},
{
"category": "external",
"summary": "SAP Patchday September 2025 vom 2025-09-08",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2025: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-23T22:00:00.000+00:00",
"generator": {
"date": "2025-09-24T05:11:07.916+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1989",
"initial_release_date": "2025-09-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-2025-42907 erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T046772",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-27500",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2023-27500"
},
{
"cve": "CVE-2023-5072",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-27428",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-27428"
},
{
"cve": "CVE-2025-42907",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42907"
},
{
"cve": "CVE-2025-42911",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42911"
},
{
"cve": "CVE-2025-42912",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42912"
},
{
"cve": "CVE-2025-42913",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42913"
},
{
"cve": "CVE-2025-42914",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42914"
},
{
"cve": "CVE-2025-42915",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42915"
},
{
"cve": "CVE-2025-42916",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42916"
},
{
"cve": "CVE-2025-42917",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42917"
},
{
"cve": "CVE-2025-42918",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42918"
},
{
"cve": "CVE-2025-42920",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42920"
},
{
"cve": "CVE-2025-42922",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42922"
},
{
"cve": "CVE-2025-42923",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42923"
},
{
"cve": "CVE-2025-42925",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42925"
},
{
"cve": "CVE-2025-42926",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42926"
},
{
"cve": "CVE-2025-42927",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42927"
},
{
"cve": "CVE-2025-42929",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42929"
},
{
"cve": "CVE-2025-42930",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42930"
},
{
"cve": "CVE-2025-42933",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42933"
},
{
"cve": "CVE-2025-42938",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42938"
},
{
"cve": "CVE-2025-42941",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42941"
},
{
"cve": "CVE-2025-42944",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42944"
},
{
"cve": "CVE-2025-42958",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42958"
},
{
"cve": "CVE-2025-42961",
"product_status": {
"known_affected": [
"T046772"
]
},
"release_date": "2025-09-08T22:00:00.000+00:00",
"title": "CVE-2025-42961"
}
]
}
WID-SEC-W-2025-2364
Vulnerability from csaf_certbund - Published: 2025-10-21 22:00 - Updated: 2025-10-22 22:00Summary
Oracle JD Edwards: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Komponenten der Oracle JDEdwards sind vollständig integrierte und komplette Lösungen geschäftlicher Anwendungen (ERP) für Unternehmen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- Windows
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle JD Edwards <=9.2.9.4
Oracle / JD Edwards
|
<=9.2.9.4 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Komponenten der Oracle JDEdwards sind vollst\u00e4ndig integrierte und komplette L\u00f6sungen gesch\u00e4ftlicher Anwendungen (ERP) f\u00fcr Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2364 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2364.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2364 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2364"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle JD Edwards vom 2025-10-21",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJDE"
}
],
"source_lang": "en-US",
"title": "Oracle JD Edwards: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-22T22:00:00.000+00:00",
"generator": {
"date": "2025-10-23T08:39:21.262+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2364",
"initial_release_date": "2025-10-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-35278, EUVD-2025-35274"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.2.9.4",
"product": {
"name": "Oracle JD Edwards \u003c=9.2.9.4",
"product_id": "T047955"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.2.9.4",
"product": {
"name": "Oracle JD Edwards \u003c=9.2.9.4",
"product_id": "T047955-fixed"
}
}
],
"category": "product_name",
"name": "JD Edwards"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22897",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2024-13009",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-52046",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-9143",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-53056",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-53056"
},
{
"cve": "CVE-2025-53060",
"product_status": {
"last_affected": [
"T047955"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-53060"
}
]
}
WID-SEC-W-2026-0158
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-20 23:00Summary
Oracle Enterprise Manager: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Enterprise Manager 13.3.0.1
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.3.0.1
|
13.3.0.1 | |
|
Oracle Enterprise Manager 13.5
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.5
|
13.5 | |
|
Oracle Enterprise Manager 24.1
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:24.1
|
24.1 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Enterprise Manager 13.3.0.1
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.3.0.1
|
13.3.0.1 | |
|
Oracle Enterprise Manager 13.5
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.5
|
13.5 | |
|
Oracle Enterprise Manager 24.1
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:24.1
|
24.1 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle f\u00fcr Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0158 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0158.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0158 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0158"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle Enterprise Manager vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixEM"
}
],
"source_lang": "en-US",
"title": "Oracle Enterprise Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-20T23:00:00.000+00:00",
"generator": {
"date": "2026-01-21T08:49:08.661+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0158",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "13.3.0.1",
"product": {
"name": "Oracle Enterprise Manager 13.3.0.1",
"product_id": "T018974",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.3.0.1"
}
}
},
{
"category": "product_version",
"name": "13.5",
"product": {
"name": "Oracle Enterprise Manager 13.5",
"product_id": "T047905",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.5"
}
}
},
{
"category": "product_version",
"name": "24.1",
"product": {
"name": "Oracle Enterprise Manager 24.1",
"product_id": "T047906",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:24.1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Manager"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T018974",
"T047905",
"T047906"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T018974",
"T047905",
"T047906"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48924"
}
]
}
WID-SEC-W-2026-0162
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-20 23:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0162 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0162.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0162 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0162"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle Fusion Middleware vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-20T23:00:00.000+00:00",
"generator": {
"date": "2026-01-21T08:54:09.162+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0162",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "14.1.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.0.0",
"product_id": "T040467",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
}
}
},
{
"category": "product_version",
"name": "14.1.2.1.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.1.0",
"product_id": "T047913",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.1.0"
}
}
},
{
"category": "product_version",
"name": "8.5.8",
"product": {
"name": "Oracle Fusion Middleware 8.5.8",
"product_id": "T047914",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.8"
}
}
},
{
"category": "product_version",
"name": "15.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 15.1.1.0.0",
"product_id": "T050142",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:15.1.1.0.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-12383",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-4949",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-49796",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-5115",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-53864",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21962"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…