Vulnerability-Lookup

CVE-2024-21208 (GCVE-0-2024-21208)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:52

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
CWE-203 - Observable Discrepancy

Assigner

oracle

References

3 references

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory
https://lists.debian.org/debian-lts-announce/2024…
https://security.netapp.com/advisory/ntap-2024101…

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:8u421 Affected: Oracle Java SE:8u421-perf Affected: Oracle Java SE:11.0.24 Affected: Oracle Java SE:17.0.12 Affected: Oracle Java SE:21.0.4 Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:::::::* cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance::: cpe:2.3:a:oracle:java_se:11.0.24:::::::* cpe:2.3:a:oracle:java_se:17.0.12:::::::* cpe:2.3:a:oracle:java_se:21.0.4:::::::* cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21208",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:27:45.725418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:06:16.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:56.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:40.907Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21208",
    "datePublished": "2024-10-15T19:52:40.907Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2025-11-03T21:52:56.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-21208",
      "date": "2026-06-28",
      "epss": "0.01018",
      "percentile": "0.59009"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Networking). Las versiones compatibles afectadas son Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\\u00e9s de m\\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar una denegaci\\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en entornos aislados, que cargan y ejecutan c\\u00f3digo no confiable (por ejemplo, c\\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\\u00f3digo confiable (por ejemplo, c\\u00f3digo instalado por un administrador). Puntuaci\\u00f3n base de CVSS 3.1: 3,7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}]",
      "id": "CVE-2024-21208",
      "lastModified": "2024-10-31T13:35:05.287",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert_us@oracle.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 1.4}]}",
      "published": "2024-10-15T20:15:09.437",
      "references": "[{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2024.html\", \"source\": \"secalert_us@oracle.com\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21208\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2024-10-15T20:15:09.437\",\"lastModified\":\"2026-06-17T07:08:45.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Networking). Las versiones compatibles afectadas son Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). Puntuaci\u00f3n base de CVSS 3.1: 3,7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}],\"affected\":[{\"source\":\"secalert_us@oracle.com\",\"affectedData\":[{\"vendor\":\"Oracle Corporation\",\"product\":\"Oracle Java SE\",\"cpes\":[\"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*\",\"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\",\"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\",\"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\"],\"versions\":[{\"version\":\"Oracle Java SE:8u421\",\"status\":\"affected\"},{\"version\":\"Oracle Java SE:8u421-perf\",\"status\":\"affected\"},{\"version\":\"Oracle Java SE:11.0.24\",\"status\":\"affected\"},{\"version\":\"Oracle Java SE:17.0.12\",\"status\":\"affected\"},{\"version\":\"Oracle Java SE:21.0.4\",\"status\":\"affected\"},{\"version\":\"Oracle Java SE:23\",\"status\":\"affected\"},{\"version\":\"Oracle GraalVM for JDK:17.0.12\",\"status\":\"affected\"},{\"version\":\"Oracle GraalVM for JDK:21.0.4\",\"status\":\"affected\"},{\"version\":\"Oracle GraalVM for JDK:23\",\"status\":\"affected\"},{\"version\":\"Oracle GraalVM Enterprise Edition:20.3.15\",\"status\":\"affected\"},{\"version\":\"Oracle GraalVM Enterprise Edition:21.3.11\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-10-17T13:27:45.725418Z\",\"id\":\"CVE-2024-21208\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"93A899CF-69C5-46A3-BE20-E9F128FB079E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"44A007AC-88D1-4F18-B1AD-C69600AD643C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDDE5C6D-036C-42FC-BD31-366175914F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4162209C-031A-4AD9-9F19-445236332DA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD0AB0E-208D-4856-9F31-3A4BB5213FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:-:*:*:*\",\"matchCriteriaId\":\"9C681771-C202-4A4A-A357-A18286023C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"EBBF3C52-6ACD-45F4-9245-719AC2A96473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"199C19B3-D4FC-4925-A249-9889242B7452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:17.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0161CF7-985D-4832-B2DC-90CC1F9CB1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:21.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21DC98DB-A180-4E74-9049-427B60AA574A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9137A4EB-820C-4F05-983A-5534CFB0E019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:-:*:*:*\",\"matchCriteriaId\":\"C3128079-D0DB-4708-B3C9-74B6A7CCAB98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"BDA0765B-413B-4FFF-BC00-94C84FE4BFBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FE84109-8702-41A7-B18A-C399737EBF27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:17.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EB0A022-55BA-4968-A7CE-619BF1389981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:21.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F12FD7-FB8A-4420-83D2-6C94A787A841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5792796D-D244-4382-8DE2-30359F5CD9CD\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2024.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241018-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241018-0010/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:52:56.996Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21208\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-17T13:27:45.725418Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-17T13:28:30.923Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*\", \"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\", \"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\"], \"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Java SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:8u421\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:8u421-perf\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:11.0.24\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:17.0.12\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:21.0.4\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:17.0.12\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:21.0.4\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.15\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.11\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-10-15T19:52:40.907Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21208\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:52:56.996Z\", \"dateReserved\": \"2023-12-07T22:28:10.690Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2024-10-15T19:52:40.907Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-0580

Vulnerability from csaf_certbund - Published: 2025-03-17 23:00 - Updated: 2025-08-21 22:00

Summary

IBM License Metric Tool: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.

Angriff: Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder SSRF-Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2024-10917

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-12797

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21208

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21210

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21217

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21235

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-45296

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-52798

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-57965

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2025-27111

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2025-27152

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2025-25184

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7186586	external
https://advisories.gitlab.com/pkg/gem/rack/CVE-20…	external
https://github.com/advisories/GHSA-rhx6-c78j-4q9w	external
https://support.hcl-software.com/csm?id=kb_articl…	external
https://www.ibm.com/support/pages/node/7242813	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder SSRF-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0580 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0580 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-03-17",
        "url": "https://www.ibm.com/support/pages/node/7186586"
      },
      {
        "category": "external",
        "summary": "POC f\u00fcr CVE-2025-25184",
        "url": "https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/"
      },
      {
        "category": "external",
        "summary": "POC f\u00fcr CVE-2024-52798",
        "url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0120960 vom 2025-05-02",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120960"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7242813 vom 2025-08-21",
        "url": "https://www.ibm.com/support/pages/node/7242813"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM License Metric Tool: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-21T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-22T07:46:14.099+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-0580",
      "initial_release_date": "2025-03-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-08-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Compliance",
                "product": {
                  "name": "HCL BigFix Compliance",
                  "product_id": "T038823",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:bigfix:compliance"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.2.39",
                "product": {
                  "name": "IBM License Metric Tool \u003c9.2.39",
                  "product_id": "T041960"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.39",
                "product": {
                  "name": "IBM License Metric Tool 9.2.39",
                  "product_id": "T041960-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2.39"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.6",
                "product": {
                  "name": "IBM Rational Business Developer 9.6",
                  "product_id": "T023629",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_business_developer:9.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.7",
                "product": {
                  "name": "IBM Rational Business Developer 9.7",
                  "product_id": "T023630",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_business_developer:9.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Business Developer"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10917",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-10917"
    },
    {
      "cve": "CVE-2024-12797",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-12797"
    },
    {
      "cve": "CVE-2024-21208",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21208"
    },
    {
      "cve": "CVE-2024-21210",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21210"
    },
    {
      "cve": "CVE-2024-21217",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21217"
    },
    {
      "cve": "CVE-2024-21235",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21235"
    },
    {
      "cve": "CVE-2024-45296",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-45296"
    },
    {
      "cve": "CVE-2024-52798",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-52798"
    },
    {
      "cve": "CVE-2024-57965",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-57965"
    },
    {
      "cve": "CVE-2025-27111",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2025-27111"
    },
    {
      "cve": "CVE-2025-27152",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2025-27152"
    },
    {
      "cve": "CVE-2025-25184",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2025-25184"
    }
  ]
}

WID-SEC-W-2025-0794

Vulnerability from csaf_certbund - Published: 2025-04-13 22:00 - Updated: 2025-09-04 22:00

Summary

Juniper Junos Space: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um seine Privilegien zu erhöhen, um einen Denial of Service Zustand herbeizuführen und um andere, nicht näher spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme: - Juniper Appliance

CVE-2021-47596

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2022-24808

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2022-39253

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2023-28746

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2023-48161

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2023-6597

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-0450

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-1737

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-1975

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21208

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21210

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21217

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21235

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21823

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-23271

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-26735

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-26852

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-26993

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27052

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27820

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27838

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27851

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-28182

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-2961

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32002

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32004

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32020

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32021

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32465

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33599

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33600

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33601

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33602

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-35845

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-35899

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-3651

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-3652

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-36971

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-39487

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-4076

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40782

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40789

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40866

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40954

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40958

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-42284

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-42472

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-44187

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-6232

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-7006

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://supportportal.juniper.net/s/article/2025-…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2-2025-2987.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Zustand herbeizuf\u00fchren und um andere, nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0794 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0794.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0794 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0794"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin JSA96447 vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release?language=en_US"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20047-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021306.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2987 vom 2025-09-04",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2987.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Junos Space: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-05T07:11:18.754+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-0794",
      "initial_release_date": "2025-04-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c24.1R3",
                "product": {
                  "name": "Juniper Junos Space \u003c24.1R3",
                  "product_id": "T042758"
                }
              },
              {
                "category": "product_version",
                "name": "24.1R3",
                "product": {
                  "name": "Juniper Junos Space 24.1R3",
                  "product_id": "T042758-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:24.1r3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-47596",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2021-47596"
    },
    {
      "cve": "CVE-2022-24808",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2022-24808"
    },
    {
      "cve": "CVE-2022-39253",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2022-39253"
    },
    {
      "cve": "CVE-2023-28746",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2023-28746"
    },
    {
      "cve": "CVE-2023-48161",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2023-48161"
    },
    {
      "cve": "CVE-2023-6597",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2024-0450",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-1737",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-1737"
    },
    {
      "cve": "CVE-2024-1975",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-1975"
    },
    {
      "cve": "CVE-2024-21208",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21208"
    },
    {
      "cve": "CVE-2024-21210",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21210"
    },
    {
      "cve": "CVE-2024-21217",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21217"
    },
    {
      "cve": "CVE-2024-21235",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21235"
    },
    {
      "cve": "CVE-2024-21823",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21823"
    },
    {
      "cve": "CVE-2024-23271",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-23271"
    },
    {
      "cve": "CVE-2024-26735",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-26735"
    },
    {
      "cve": "CVE-2024-26852",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-26852"
    },
    {
      "cve": "CVE-2024-26993",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-26993"
    },
    {
      "cve": "CVE-2024-27052",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27052"
    },
    {
      "cve": "CVE-2024-27820",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27820"
    },
    {
      "cve": "CVE-2024-27838",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27838"
    },
    {
      "cve": "CVE-2024-27851",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27851"
    },
    {
      "cve": "CVE-2024-28182",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-2961",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-2961"
    },
    {
      "cve": "CVE-2024-32002",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32002"
    },
    {
      "cve": "CVE-2024-32004",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32004"
    },
    {
      "cve": "CVE-2024-32020",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32020"
    },
    {
      "cve": "CVE-2024-32021",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32021"
    },
    {
      "cve": "CVE-2024-32465",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32465"
    },
    {
      "cve": "CVE-2024-33599",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33599"
    },
    {
      "cve": "CVE-2024-33600",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33600"
    },
    {
      "cve": "CVE-2024-33601",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33601"
    },
    {
      "cve": "CVE-2024-33602",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33602"
    },
    {
      "cve": "CVE-2024-35845",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-35845"
    },
    {
      "cve": "CVE-2024-35899",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-35899"
    },
    {
      "cve": "CVE-2024-3651",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-3651"
    },
    {
      "cve": "CVE-2024-3652",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-3652"
    },
    {
      "cve": "CVE-2024-36971",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-36971"
    },
    {
      "cve": "CVE-2024-39487",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-39487"
    },
    {
      "cve": "CVE-2024-4076",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-4076"
    },
    {
      "cve": "CVE-2024-40782",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40782"
    },
    {
      "cve": "CVE-2024-40789",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40789"
    },
    {
      "cve": "CVE-2024-40866",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40866"
    },
    {
      "cve": "CVE-2024-40954",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40954"
    },
    {
      "cve": "CVE-2024-40958",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40958"
    },
    {
      "cve": "CVE-2024-42284",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-42284"
    },
    {
      "cve": "CVE-2024-42472",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-42472"
    },
    {
      "cve": "CVE-2024-44187",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-44187"
    },
    {
      "cve": "CVE-2024-6232",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-6232"
    },
    {
      "cve": "CVE-2024-7006",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-7006"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21208 (GCVE-0-2024-21208)

WID-SEC-W-2025-0580

WID-SEC-W-2025-0794

Tags

Sightings

Nomenclature