Vulnerability-Lookup

CVE-2024-29133 (GCVE-0-2024-29133)

Vulnerability from cvelistv5 – Published: 2024-03-21 09:05 – Updated: 2025-02-13 17:47

Title

Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

Summary

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

Severity

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-787 - Out-of-bounds Write

Assigner

apache

References

4 references

URL	Tags
https://lists.apache.org/thread/ccb9w15bscznh6tnp…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
http://www.openwall.com/lists/oss-security/2024/03/20/3

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Commons Configuration	Affected: 2.0 , < 2.10.1 (semver)

Credits

Gary Gregory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-29133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-29T14:19:05.620422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T16:31:00.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-configuration2",
          "product": "Apache Commons Configuration",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.10.1",
              "status": "affected",
              "version": "2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gary Gregory"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-bounds Write vulnerability in Apache Commons Configuration.\u003cp\u003eThis issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T17:09:21.890Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/3"
        }
      ],
      "source": {
        "defect": [
          "CONFIGURATION-841"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-29133",
    "datePublished": "2024-03-21T09:05:47.597Z",
    "dateReserved": "2024-03-17T13:18:24.956Z",
    "dateUpdated": "2025-02-13T17:47:38.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-29133",
      "date": "2026-06-15",
      "epss": "0.01727",
      "percentile": "0.74513"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\\n\\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de escritura fuera de los l\\u00edmites en la configuraci\\u00f3n de Apache Commons. Este problema afecta a la configuraci\\u00f3n de Apache Commons: desde 2.0 antes de 2.10.1. Se recomienda a los usuarios actualizar a la versi\\u00f3n 2.10.1, que soluciona el problema.\"}]",
      "id": "CVE-2024-29133",
      "lastModified": "2024-11-21T09:07:37.603",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}]}",
      "published": "2024-03-21T09:15:07.943",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/20/3\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/20/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-29133\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-03-21T09:15:07.943\",\"lastModified\":\"2025-05-01T19:12:24.250\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\\n\\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de escritura fuera de los l\u00edmites en la configuraci\u00f3n de Apache Commons. Este problema afecta a la configuraci\u00f3n de Apache Commons: desde 2.0 antes de 2.10.1. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.10.1, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_configuration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.10.1\",\"matchCriteriaId\":\"73FC9C7B-3EF7-4229-AC45-F142EBA294D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/20/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/20/3\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:03:51.813Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29133\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-29T14:19:05.620422Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:20.313Z\"}}], \"cna\": {\"title\": \"Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree\", \"source\": {\"defect\": [\"CONFIGURATION-841\"], \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gary Gregory\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons Configuration\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\", \"lessThan\": \"2.10.1\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.commons:commons-configuration2\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/20/3\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\\n\\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Out-of-bounds Write vulnerability in Apache Commons Configuration.\u003cp\u003eThis issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-03-21T09:05:47.597Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-29133\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-04T16:31:00.286Z\", \"dateReserved\": \"2024-03-17T13:18:24.956Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-03-21T09:05:47.597Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

NCSC-2024-0418

Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:19 - Updated: 2024-10-17 13:19

Summary

Kwetsbaarheden verholpen in Oracle Analytics

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in Analytics producten.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service - Manipuleren van data - Uitvoer van willekeurige code (Gebruikersrechten) - Uitvoer van willekeurige code (Administratorrechten) - Toegang tot gevoelige gegevens

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-606: Unchecked Input for Loop Condition

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-345: Insufficient Verification of Data Authenticity

CWE-325: Missing Cryptographic Step

CWE-404: Improper Resource Shutdown or Release

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333: Inefficient Regular Expression Complexity

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-476: NULL Pointer Dereference

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-918: Server-Side Request Forgery (SSRF)

CWE-787: Out-of-bounds Write

CWE-122: Heap-based Buffer Overflow

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-23305

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Known affected 27 products

CVE-2023-0401

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 13 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:::::::*`	—

CVE-2023-5678

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 9 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—

CVE-2023-35116

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 10 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—

CVE-2023-38545

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 9 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—

CVE-2024-21195

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Affected products

Known affected 3 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—

CVE-2024-21254

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 3 products

Product	Identifier	Version
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—

CVE-2024-26308

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 8 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—

CVE-2024-29133

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 6 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:::::::*`	—
business_intelligence_enterprise_edition oracle	`cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:::::::*`	—

CVE-2024-29736

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—

CVE-2024-38809

8.0 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:::::::*`	—
bi_publisher oracle	`cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:::::::*`	—

CVE-2024-38999

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 3 products

Product	Identifier	Version
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0::::enterprise:::`	—

CVE-2024-39689

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-345 - Insufficient Verification of Data Authenticity

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
business_intelligence oracle	`cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0::::enterprise:::`	—

References

14 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Analytics producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Unchecked Input for Loop Condition",
        "title": "CWE-606"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Insufficient Verification of Data Authenticity",
        "title": "CWE-345"
      },
      {
        "category": "general",
        "text": "Missing Cryptographic Step",
        "title": "CWE-325"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
        "title": "CWE-89"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Analytics",
    "tracking": {
      "current_release_date": "2024-10-17T13:19:50.583299Z",
      "id": "NCSC-2024-0418",
      "initial_release_date": "2024-10-17T13:19:50.583299Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:19:50.583299Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-1503573",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765388",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764727",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764729",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765383",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765389",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764725",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764728",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764730",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764726",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765386",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765384",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764234",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764929",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764930",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764235",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764236",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-1503574",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-376906",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:*:enterprise:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-135812",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-220360",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:enterprise:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-135810",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-179569",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-257324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1650736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-9197",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-9493",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-228391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220560",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-1673195",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-23305",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-135810",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9493",
          "CSAFPID-764778",
          "CSAFPID-228391",
          "CSAFPID-220546",
          "CSAFPID-9197",
          "CSAFPID-764929",
          "CSAFPID-764930",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-23305",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23305.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-135810",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9493",
            "CSAFPID-764778",
            "CSAFPID-228391",
            "CSAFPID-220546",
            "CSAFPID-9197",
            "CSAFPID-764929",
            "CSAFPID-764930",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2022-23305"
    },
    {
      "cve": "CVE-2023-0401",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-135810",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-0401",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0401.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-135810",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764729",
            "CSAFPID-764730"
          ]
        }
      ],
      "title": "CVE-2023-0401"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5678",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-35116",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-257324",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-35116",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35116.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-257324",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-38545",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38545",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38545.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-1650736",
            "CSAFPID-257324",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2023-38545"
    },
    {
      "cve": "CVE-2024-21195",
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-1673195",
          "CSAFPID-220560"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-1673195",
            "CSAFPID-220560"
          ]
        }
      ],
      "title": "CVE-2024-21195"
    },
    {
      "cve": "CVE-2024-21254",
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-21254"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324",
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26308",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324",
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29133",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2024-29133"
    },
    {
      "cve": "CVE-2024-29736",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29736",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-29736"
    },
    {
      "cve": "CVE-2024-38809",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38809",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-38809"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-135810",
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-135810",
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-39689",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-39689",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736"
          ]
        }
      ],
      "title": "CVE-2024-39689"
    }
  ]
}

NCSC-2025-0021

Vulnerability from csaf_ncscnl - Published: 2025-01-22 13:30 - Updated: 2025-01-22 13:30

Summary

Kwetsbaarheden verholpen in Oracle Communications

Notes

Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.

Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-1395: Dependency on Vulnerable Third-Party Component

CWE-670: Always-Incorrect Control Flow Implementation

CWE-405: Asymmetric Resource Consumption (Amplification)

CWE-35: Path Traversal: '.../...//'

CWE-466: Return of Pointer Value Outside of Expected Range

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-676: Use of Potentially Dangerous Function

CWE-606: Unchecked Input for Loop Condition

CWE-450: Multiple Interpretations of UI Input

CWE-131: Incorrect Calculation of Buffer Size

CWE-328: Use of Weak Hash

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-669: Incorrect Resource Transfer Between Spheres

CWE-1220: Insufficient Granularity of Access Control

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-755: Improper Handling of Exceptional Conditions

CWE-347: Improper Verification of Cryptographic Signature

CWE-834: Excessive Iteration

CWE-178: Improper Handling of Case Sensitivity

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-440: Expected Behavior Violation

CWE-415: Double Free

CWE-311: Missing Encryption of Sensitive Data

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-703: Improper Check or Handling of Exceptional Conditions

CWE-617: Reachable Assertion

CWE-427: Uncontrolled Search Path Element

CWE-836: Use of Password Hash Instead of Password for Authentication

CWE-680: Integer Overflow to Buffer Overflow

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-23: Relative Path Traversal

CWE-116: Improper Encoding or Escaping of Output

CWE-345: Insufficient Verification of Data Authenticity

CWE-203: Observable Discrepancy

CWE-354: Improper Validation of Integrity Check Value

CWE-325: Missing Cryptographic Step

CWE-190: Integer Overflow or Wraparound

CWE-451: User Interface (UI) Misrepresentation of Critical Information

CWE-61: UNIX Symbolic Link (Symlink) Following

CWE-552: Files or Directories Accessible to External Parties

CWE-639: Authorization Bypass Through User-Controlled Key

CWE-798: Use of Hard-coded Credentials

CWE-434: Unrestricted Upload of File with Dangerous Type

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-404: Improper Resource Shutdown or Release

CWE-284: Improper Access Control

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333: Inefficient Regular Expression Complexity

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-416: Use After Free

CWE-476: NULL Pointer Dereference

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-502: Deserialization of Untrusted Data

CWE-248: Uncaught Exception

CWE-674: Uncontrolled Recursion

CWE-863: Incorrect Authorization

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-611: Improper Restriction of XML External Entity Reference

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-121: Stack-based Buffer Overflow

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-269: Improper Privilege Management

CWE-20: Improper Input Validation

CWE-209: Generation of Error Message Containing Sensitive Information

CWE-276: Incorrect Default Permissions

CWE-294: Authentication Bypass by Capture-replay

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-41727

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—

CVE-2023-4408

CWE-400 - Uncontrolled Resource Consumption

CVE-2023-5678

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 97 products

CVE-2023-5981

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-203 - Observable Discrepancy

Affected products

Known affected 61 products

CVE-2023-6597

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-61 - UNIX Symbolic Link (Symlink) Following

Affected products

Known affected 95 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:::::::*`	—

CVE-2023-7256

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-415 - Double Free

Affected products

Known affected 3 products

Product	Identifier	Version
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—

CVE-2023-29407

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-834 - Excessive Iteration

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—

CVE-2023-29408

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2023-40577

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:::::::*`	—

CVE-2023-46218

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 98 products

CVE-2023-46219

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 98 products

CVE-2023-46604

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 115 products

CVE-2023-50868

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-0232

CWE-416 - Use After Free

Affected products

Known affected 75 products

CVE-2024-0397

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 60 products

CVE-2024-0450

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-450 - Multiple Interpretations of UI Input

Affected products

Known affected 107 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:::::::*`	—

CVE-2024-1442

6.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

CWE-269 - Improper Privilege Management

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-2961

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 93 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:::::::*`	—

CVE-2024-3596

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Affected products

Known affected 4 products

Product	Identifier	Version
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:::::::*`	—

CVE-2024-4030

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-276 - Incorrect Default Permissions

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—

CVE-2024-4032

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-440 - Expected Behavior Violation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—

CVE-2024-5535

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:::::::*`	—

CVE-2024-6119

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:::::::*`	—

CVE-2024-6162

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 123 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.1.0:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-6232

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—

CVE-2024-7254

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 53 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-7592

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-7885

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 13 products

Product	Identifier	Version
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:::::::*`	—

CVE-2024-8006

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 3 products

Product	Identifier	Version
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—

CVE-2024-9143

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:::::::*`	—

CVE-2024-22195

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 58 products

CVE-2024-24786

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-24791

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:::::::*`	—

CVE-2024-25638

8.9 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

CWE-345 - Insufficient Verification of Data Authenticity

Affected products

Known affected 43 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_converged_application_server oracle	`cpe:2.3:a:oracle:communications_converged_application_server:8.0:::::::*`	—
communications_converged_application_server oracle	`cpe:2.3:a:oracle:communications_converged_application_server:8.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:::::::*`	—

CVE-2024-25710

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 126 products

CVE-2024-26308

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 171 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-27309

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 15 products

Product	Identifier	Version
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-28219

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 6 products

Product	Identifier	Version
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—

CVE-2024-28834

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—

CVE-2024-28835

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-248 - Uncaught Exception

Affected products

Known affected 3 products

Product	Identifier	Version
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—

CVE-2024-28849

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 119 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.1-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-29025

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 125 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-29131

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 64 products

CVE-2024-29133

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 86 products

Product	Identifier	Version
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-33599

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 11 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:::::::*`	—

CVE-2024-33600

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 11 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:::::::*`	—

CVE-2024-33601

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-703 - Improper Check or Handling of Exceptional Conditions

Affected products

Known affected 11 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:::::::*`	—

CVE-2024-33602

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-466 - Return of Pointer Value Outside of Expected Range

Affected products

Known affected 42 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:::::::*`	—

CVE-2024-34064

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 97 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.1.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—

CVE-2024-34750

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 - Improper Handling of Exceptional Conditions

Affected products

Known affected 40 products

Product	Identifier	Version
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4.0:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.0.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—

CVE-2024-35195

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-670 - Always-Incorrect Control Flow Implementation

Affected products

Known affected 25 products

Product	Identifier	Version
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.1.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-37370

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 20 products

CVE-2024-37371

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 64 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-37891

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-669 - Incorrect Resource Transfer Between Spheres

Affected products

Known affected 54 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:15.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-38475

CWE-284 - Improper Access Control

CVE-2024-38807

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Known affected 16 products

Product	Identifier	Version
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-38809

8.0 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—

CVE-2024-38816

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 41 products

Product	Identifier	Version
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—

CVE-2024-38819

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 10 products

Product	Identifier	Version
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—

CVE-2024-38820

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 10 products

Product	Identifier	Version
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—

CVE-2024-38827

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Known affected 19 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-38998

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 15 products

CVE-2024-38999

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 15 products

CVE-2024-41817

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-427 - Uncontrolled Search Path Element

Affected products

Known affected 16 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—

CVE-2024-45490

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 7 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—

CVE-2024-45491

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 7 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—

CVE-2024-45492

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 50 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—

CVE-2024-47535

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 15 products

Product	Identifier	Version
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-47554

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 19 products

Product	Identifier	Version
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.2.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.3.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-47561

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2024-47803

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Known affected 9 products

Product	Identifier	Version
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—

CVE-2024-47804

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-863 - Incorrect Authorization

Affected products

Known affected 9 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—

CVE-2024-49766

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:::::::*`	—

CVE-2024-49767

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 11 products

Product	Identifier	Version
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:::::::*`	—

CVE-2024-50379

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—

CVE-2024-50602

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 4 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:::::::*`	—

CVE-2024-53677

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—

CVE-2024-54677

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—

CVE-2024-56337

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—

CVE-2025-21542

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected products

Known affected 16 products

Product	Identifier	Version
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2025-21544

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected products

Known affected 16 products

Product	Identifier	Version
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

CVE-2025-21554

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 16 products

Product	Identifier	Version
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.26:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1.0.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.0.0.3:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.1.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications::::::::`	—

References

83 references

URL	Category
https://www.oracle.com/security-alerts/cpujan2025.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Dependency on Vulnerable Third-Party Component",
        "title": "CWE-1395"
      },
      {
        "category": "general",
        "text": "Always-Incorrect Control Flow Implementation",
        "title": "CWE-670"
      },
      {
        "category": "general",
        "text": "Asymmetric Resource Consumption (Amplification)",
        "title": "CWE-405"
      },
      {
        "category": "general",
        "text": "Path Traversal: \u0027.../...//\u0027",
        "title": "CWE-35"
      },
      {
        "category": "general",
        "text": "Return of Pointer Value Outside of Expected Range",
        "title": "CWE-466"
      },
      {
        "category": "general",
        "text": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
        "title": "CWE-338"
      },
      {
        "category": "general",
        "text": "Use of Potentially Dangerous Function",
        "title": "CWE-676"
      },
      {
        "category": "general",
        "text": "Unchecked Input for Loop Condition",
        "title": "CWE-606"
      },
      {
        "category": "general",
        "text": "Multiple Interpretations of UI Input",
        "title": "CWE-450"
      },
      {
        "category": "general",
        "text": "Incorrect Calculation of Buffer Size",
        "title": "CWE-131"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Incorrect Resource Transfer Between Spheres",
        "title": "CWE-669"
      },
      {
        "category": "general",
        "text": "Insufficient Granularity of Access Control",
        "title": "CWE-1220"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
        "title": "CWE-349"
      },
      {
        "category": "general",
        "text": "Improper Handling of Exceptional Conditions",
        "title": "CWE-755"
      },
      {
        "category": "general",
        "text": "Improper Verification of Cryptographic Signature",
        "title": "CWE-347"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Improper Handling of Case Sensitivity",
        "title": "CWE-178"
      },
      {
        "category": "general",
        "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
        "title": "CWE-367"
      },
      {
        "category": "general",
        "text": "Expected Behavior Violation",
        "title": "CWE-440"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Missing Encryption of Sensitive Data",
        "title": "CWE-311"
      },
      {
        "category": "general",
        "text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
        "title": "CWE-924"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Improper Check or Handling of Exceptional Conditions",
        "title": "CWE-703"
      },
      {
        "category": "general",
        "text": "Reachable Assertion",
        "title": "CWE-617"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "Use of Password Hash Instead of Password for Authentication",
        "title": "CWE-836"
      },
      {
        "category": "general",
        "text": "Integer Overflow to Buffer Overflow",
        "title": "CWE-680"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "Improper Encoding or Escaping of Output",
        "title": "CWE-116"
      },
      {
        "category": "general",
        "text": "Insufficient Verification of Data Authenticity",
        "title": "CWE-345"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Missing Cryptographic Step",
        "title": "CWE-325"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "UNIX Symbolic Link (Symlink) Following",
        "title": "CWE-61"
      },
      {
        "category": "general",
        "text": "Files or Directories Accessible to External Parties",
        "title": "CWE-552"
      },
      {
        "category": "general",
        "text": "Authorization Bypass Through User-Controlled Key",
        "title": "CWE-639"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Credentials",
        "title": "CWE-798"
      },
      {
        "category": "general",
        "text": "Unrestricted Upload of File with Dangerous Type",
        "title": "CWE-434"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Use of a Broken or Risky Cryptographic Algorithm",
        "title": "CWE-327"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Uncaught Exception",
        "title": "CWE-248"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Generation of Error Message Containing Sensitive Information",
        "title": "CWE-209"
      },
      {
        "category": "general",
        "text": "Incorrect Default Permissions",
        "title": "CWE-276"
      },
      {
        "category": "general",
        "text": "Authentication Bypass by Capture-replay",
        "title": "CWE-294"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications",
    "tracking": {
      "current_release_date": "2025-01-22T13:30:50.189632Z",
      "id": "NCSC-2025-0021",
      "initial_release_date": "2025-01-22T13:30:50.189632Z",
      "revision_history": [
        {
          "date": "2025-01-22T13:30:50.189632Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1727475",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635313",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635305",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635311",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635312",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635323",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670430",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674632",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674630",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635320",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674633",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670439",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635322",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670429",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670435",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670431",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670436",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670432",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635321",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635310",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635318",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674640",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674642",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670434",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635316",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674639",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635314",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674638",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674637",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635306",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635307",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635317",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635319",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670438",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635315",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670433",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674641",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674635",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674636",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670437",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674631",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674634",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635308",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635309",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications__10.4.0.4",
            "product": {
              "name": "communications__10.4.0.4",
              "product_id": "CSAFPID-1674629",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.2",
            "product": {
              "name": "communications___23.4.2",
              "product_id": "CSAFPID-1670442",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.3",
            "product": {
              "name": "communications___23.4.3",
              "product_id": "CSAFPID-1635325",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.4",
            "product": {
              "name": "communications___23.4.4",
              "product_id": "CSAFPID-1635326",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.5",
            "product": {
              "name": "communications___23.4.5",
              "product_id": "CSAFPID-1674645",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.6",
            "product": {
              "name": "communications___23.4.6",
              "product_id": "CSAFPID-1674646",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___24.2.0",
            "product": {
              "name": "communications___24.2.0",
              "product_id": "CSAFPID-1674644",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___7.2.1.0.0",
            "product": {
              "name": "communications___7.2.1.0.0",
              "product_id": "CSAFPID-1670441",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___8.6.0.6",
            "product": {
              "name": "communications___8.6.0.6",
              "product_id": "CSAFPID-1635327",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___8.6.0.8",
            "product": {
              "name": "communications___8.6.0.8",
              "product_id": "CSAFPID-1635328",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___9.0.2",
            "product": {
              "name": "communications___9.0.2",
              "product_id": "CSAFPID-1670440",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___9.0.3",
            "product": {
              "name": "communications___9.0.3",
              "product_id": "CSAFPID-1635329",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___9.1.1.8.0",
            "product": {
              "name": "communications___9.1.1.8.0",
              "product_id": "CSAFPID-1674643",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751386",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674621",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751381",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:15.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751383",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:15.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751378",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751377",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674618",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674619",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751384",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674617",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674623",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751382",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:8.0.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751380",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:8.1.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1751379",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:8.1.0.26:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674620",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___12.0.6.0.0",
            "product": {
              "name": "communications_applications___12.0.6.0.0",
              "product_id": "CSAFPID-1674627",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___5.5.22",
            "product": {
              "name": "communications_applications___5.5.22",
              "product_id": "CSAFPID-1674626",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___6.0.3",
            "product": {
              "name": "communications_applications___6.0.3",
              "product_id": "CSAFPID-1674628",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___6.0.4",
            "product": {
              "name": "communications_applications___6.0.4",
              "product_id": "CSAFPID-1674624",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___6.0.5",
            "product": {
              "name": "communications_applications___6.0.5",
              "product_id": "CSAFPID-1674625",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_asap",
            "product": {
              "name": "communications_asap",
              "product_id": "CSAFPID-816792",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-764735",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-1751255",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-1751254",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-816793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-912557",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-764247",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-1650820",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-912556",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-1751303",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-220055",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-816765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-816766",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-816767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1503577",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1751300",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-764237",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1650752",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1673396",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1751085",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1751079",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1673526",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1673391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1673394",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1751253",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-816768",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-816769",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-912085",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1503578",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1673389",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1673390",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1751090",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_dbtier",
            "product": {
              "name": "communications_cloud_native_core_dbtier",
              "product_id": "CSAFPID-1673421",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_dbtier",
            "product": {
              "name": "communications_cloud_native_core_dbtier",
              "product_id": "CSAFPID-1673420",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_dbtier",
            "product": {
              "name": "communications_cloud_native_core_dbtier",
              "product_id": "CSAFPID-1751246",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-816770",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-816771",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-912068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-1503579",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-816772",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-912076",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-1503580",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-219838",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-611387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-816773",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912101",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-1503581",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-1751208",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-1751209",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912539",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912540",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912541",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912542",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912543",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-816774",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-816346",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-912077",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1503322",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1673413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1673415",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1751231",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-816775",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-912544",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816348",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-912545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816347",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-1673494",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816777",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-764240",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1650751",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1673517",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1673395",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-912069",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1751225",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1751088",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1751089",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-94291",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-816778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-614517",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-912547",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1673392",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1503582",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1673393",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1751081",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1751084",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-912546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-224795",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-912548",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-912102",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-912549",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1503583",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1503584",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1503585",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1672767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1751241",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-764826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-90016",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-912078",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-816349",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-912550",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1503586",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1503587",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1751238",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1751240",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1673399",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1751239",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1751080",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1751082",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-816779",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_application_server",
            "product": {
              "name": "communications_converged_application_server",
              "product_id": "CSAFPID-1751229",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_application_server",
            "product": {
              "name": "communications_converged_application_server",
              "product_id": "CSAFPID-1751230",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_charging_system",
            "product": {
              "name": "communications_converged_charging_system",
              "product_id": "CSAFPID-1503599",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_charging_system",
            "product": {
              "name": "communications_converged_charging_system",
              "product_id": "CSAFPID-1503600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-1751292",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.2.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-1751294",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-224793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-1751295",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-816794",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-342793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-1650777",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-1265",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-816350",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-1261",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_core_session_manager",
            "product": {
              "name": "communications_core_session_manager",
              "product_id": "CSAFPID-1672764",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1503588",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1751104",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-40293",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1751242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1751237",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1751097",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-611413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1751211",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-912551",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-912552",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_element_management_system",
            "product": {
              "name": "communications_eagle_element_management_system",
              "product_id": "CSAFPID-1503316",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_element_management_system",
            "product": {
              "name": "communications_eagle_element_management_system",
              "product_id": "CSAFPID-1503317",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_element_management_system",
            "product": {
              "name": "communications_eagle_element_management_system",
              "product_id": "CSAFPID-1751243",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-764242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-819413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-819414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.2.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-816780",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_fraud_monitor",
            "product": {
              "name": "communications_fraud_monitor",
              "product_id": "CSAFPID-816781",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_fraud_monitor",
            "product": {
              "name": "communications_fraud_monitor",
              "product_id": "CSAFPID-816782",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_fraud_monitor",
            "product": {
              "name": "communications_fraud_monitor",
              "product_id": "CSAFPID-912553",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_instant_messaging_server",
            "product": {
              "name": "communications_instant_messaging_server",
              "product_id": "CSAFPID-219803",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_ip_service_activator",
            "product": {
              "name": "communications_ip_service_activator",
              "product_id": "CSAFPID-204622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_ip_service_activator",
            "product": {
              "name": "communications_ip_service_activator",
              "product_id": "CSAFPID-219909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_messaging_server",
            "product": {
              "name": "communications_messaging_server",
              "product_id": "CSAFPID-816351",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_messaging_server",
            "product": {
              "name": "communications_messaging_server",
              "product_id": "CSAFPID-1751218",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_metasolv_solution",
            "product": {
              "name": "communications_metasolv_solution",
              "product_id": "CSAFPID-611595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816353",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816352",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-1503589",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-1503590",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-1673414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816783",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816786",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816784",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816787",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816785",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816788",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-342803",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-1650778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-1266",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-816354",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-204563",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_integrity",
            "product": {
              "name": "communications_network_integrity",
              "product_id": "CSAFPID-219776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_offline_mediation_controller",
            "product": {
              "name": "communications_offline_mediation_controller",
              "product_id": "CSAFPID-765242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_offline_mediation_controller",
            "product": {
              "name": "communications_offline_mediation_controller",
              "product_id": "CSAFPID-916906",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_offline_mediation_controller",
            "product": {
              "name": "communications_offline_mediation_controller",
              "product_id": "CSAFPID-1751247",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_offline_mediation_controller",
            "product": {
              "name": "communications_offline_mediation_controller",
              "product_id": "CSAFPID-1751248",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-93781",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-220132",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-912079",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-224790",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-221118",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-1673496",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_performance_intelligence",
            "product": {
              "name": "communications_performance_intelligence",
              "product_id": "CSAFPID-1503591",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-816789",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-816790",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_pricing_design_center",
            "product": {
              "name": "communications_pricing_design_center",
              "product_id": "CSAFPID-764738",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_pricing_design_center",
            "product": {
              "name": "communications_pricing_design_center",
              "product_id": "CSAFPID-816355",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-1503601",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816359",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816358",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816357",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-912558",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-1751233",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-1503602",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-1751234",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816795",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816796",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816797",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503592",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503593",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1672762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503594",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-342804",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-819415",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-819416",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-816791",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-240600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673382",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1650731",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673530",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1751235",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.1-6.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1751296",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-764739",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-8984",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-204510",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-204569",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-219826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-912073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1503596",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1503597",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1503598",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1751217",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-912080",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1673481",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1751258",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:15.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_webrtc_session_controller",
            "product": {
              "name": "communications_webrtc_session_controller",
              "product_id": "CSAFPID-912554",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41727",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-41727",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41727.json"
        }
      ],
      "title": "CVE-2022-41727"
    },
    {
      "cve": "CVE-2023-4408",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4408",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json"
        }
      ],
      "title": "CVE-2023-4408"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        },
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764237",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-816348",
          "CSAFPID-764240",
          "CSAFPID-614517",
          "CSAFPID-224795",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-342804",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-764739",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-912073",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5678",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5981",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1751217",
          "CSAFPID-1673481"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5981",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1751217",
            "CSAFPID-1673481"
          ]
        }
      ],
      "title": "CVE-2023-5981"
    },
    {
      "cve": "CVE-2023-6597",
      "cwe": {
        "id": "CWE-61",
        "name": "UNIX Symbolic Link (Symlink) Following"
      },
      "notes": [
        {
          "category": "other",
          "text": "UNIX Symbolic Link (Symlink) Following",
          "title": "CWE-61"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1673396",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1751097"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6597",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1673396",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1751097"
          ]
        }
      ],
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2023-7256",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220132",
          "CSAFPID-1751084",
          "CSAFPID-912079"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7256",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7256.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220132",
            "CSAFPID-1751084",
            "CSAFPID-912079"
          ]
        }
      ],
      "title": "CVE-2023-7256"
    },
    {
      "cve": "CVE-2023-29407",
      "cwe": {
        "id": "CWE-834",
        "name": "Excessive Iteration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-29407",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29407.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530"
          ]
        }
      ],
      "title": "CVE-2023-29407"
    },
    {
      "cve": "CVE-2023-29408",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-29408",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29408.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2023-29408"
    },
    {
      "cve": "CVE-2023-40577",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751208",
          "CSAFPID-1751209"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-40577",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40577.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751208",
            "CSAFPID-1751209"
          ]
        }
      ],
      "title": "CVE-2023-40577"
    },
    {
      "cve": "CVE-2023-46218",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-224795",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-614517",
          "CSAFPID-764237",
          "CSAFPID-764240",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242",
          "CSAFPID-816348",
          "CSAFPID-816773",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912068",
          "CSAFPID-912073",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-1751211"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46218",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-224795",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-614517",
            "CSAFPID-764237",
            "CSAFPID-764240",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242",
            "CSAFPID-816348",
            "CSAFPID-816773",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912068",
            "CSAFPID-912073",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-1751211"
          ]
        }
      ],
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46219",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-912539",
          "CSAFPID-816773",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-912545",
          "CSAFPID-764240",
          "CSAFPID-912546",
          "CSAFPID-614517",
          "CSAFPID-912547",
          "CSAFPID-224795",
          "CSAFPID-912548",
          "CSAFPID-912102",
          "CSAFPID-912549",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912553",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-342804",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-765242",
          "CSAFPID-912073",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-1751211"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46219",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-912539",
            "CSAFPID-816773",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-912545",
            "CSAFPID-764240",
            "CSAFPID-912546",
            "CSAFPID-614517",
            "CSAFPID-912547",
            "CSAFPID-224795",
            "CSAFPID-912548",
            "CSAFPID-912102",
            "CSAFPID-912549",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912553",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-342804",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-765242",
            "CSAFPID-912073",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-1751211"
          ]
        }
      ],
      "title": "CVE-2023-46219"
    },
    {
      "cve": "CVE-2023-46604",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-94291",
          "CSAFPID-40293",
          "CSAFPID-1265",
          "CSAFPID-1261",
          "CSAFPID-1266",
          "CSAFPID-8984",
          "CSAFPID-764237",
          "CSAFPID-764240",
          "CSAFPID-224795",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-764739",
          "CSAFPID-219826",
          "CSAFPID-204510",
          "CSAFPID-204563",
          "CSAFPID-204569",
          "CSAFPID-204622",
          "CSAFPID-219803",
          "CSAFPID-219838",
          "CSAFPID-219909",
          "CSAFPID-221118",
          "CSAFPID-224790",
          "CSAFPID-224793",
          "CSAFPID-240600",
          "CSAFPID-342793",
          "CSAFPID-342803",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-611595",
          "CSAFPID-614517",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764738",
          "CSAFPID-816346",
          "CSAFPID-816347",
          "CSAFPID-816348",
          "CSAFPID-816349",
          "CSAFPID-816350",
          "CSAFPID-816351",
          "CSAFPID-816352",
          "CSAFPID-816353",
          "CSAFPID-816354",
          "CSAFPID-816355",
          "CSAFPID-816357",
          "CSAFPID-816358",
          "CSAFPID-816359",
          "CSAFPID-816765",
          "CSAFPID-816766",
          "CSAFPID-816767",
          "CSAFPID-816768",
          "CSAFPID-816769",
          "CSAFPID-816770",
          "CSAFPID-816771",
          "CSAFPID-816772",
          "CSAFPID-816773",
          "CSAFPID-816774",
          "CSAFPID-816775",
          "CSAFPID-816776",
          "CSAFPID-816777",
          "CSAFPID-816778",
          "CSAFPID-816779",
          "CSAFPID-816780",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-816783",
          "CSAFPID-816784",
          "CSAFPID-816785",
          "CSAFPID-816786",
          "CSAFPID-816787",
          "CSAFPID-816788",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-816791",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-816794",
          "CSAFPID-816795",
          "CSAFPID-816796",
          "CSAFPID-816797",
          "CSAFPID-912068",
          "CSAFPID-912073",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-1751104"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46604",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46604.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-94291",
            "CSAFPID-40293",
            "CSAFPID-1265",
            "CSAFPID-1261",
            "CSAFPID-1266",
            "CSAFPID-8984",
            "CSAFPID-764237",
            "CSAFPID-764240",
            "CSAFPID-224795",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-219776",
            "CSAFPID-765242",
            "CSAFPID-764739",
            "CSAFPID-219826",
            "CSAFPID-204510",
            "CSAFPID-204563",
            "CSAFPID-204569",
            "CSAFPID-204622",
            "CSAFPID-219803",
            "CSAFPID-219838",
            "CSAFPID-219909",
            "CSAFPID-221118",
            "CSAFPID-224790",
            "CSAFPID-224793",
            "CSAFPID-240600",
            "CSAFPID-342793",
            "CSAFPID-342803",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-611595",
            "CSAFPID-614517",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764738",
            "CSAFPID-816346",
            "CSAFPID-816347",
            "CSAFPID-816348",
            "CSAFPID-816349",
            "CSAFPID-816350",
            "CSAFPID-816351",
            "CSAFPID-816352",
            "CSAFPID-816353",
            "CSAFPID-816354",
            "CSAFPID-816355",
            "CSAFPID-816357",
            "CSAFPID-816358",
            "CSAFPID-816359",
            "CSAFPID-816765",
            "CSAFPID-816766",
            "CSAFPID-816767",
            "CSAFPID-816768",
            "CSAFPID-816769",
            "CSAFPID-816770",
            "CSAFPID-816771",
            "CSAFPID-816772",
            "CSAFPID-816773",
            "CSAFPID-816774",
            "CSAFPID-816775",
            "CSAFPID-816776",
            "CSAFPID-816777",
            "CSAFPID-816778",
            "CSAFPID-816779",
            "CSAFPID-816780",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-816783",
            "CSAFPID-816784",
            "CSAFPID-816785",
            "CSAFPID-816786",
            "CSAFPID-816787",
            "CSAFPID-816788",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-816791",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-816794",
            "CSAFPID-816795",
            "CSAFPID-816796",
            "CSAFPID-816797",
            "CSAFPID-912068",
            "CSAFPID-912073",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-1751104"
          ]
        }
      ],
      "title": "CVE-2023-46604"
    },
    {
      "cve": "CVE-2023-50868",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50868",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json"
        }
      ],
      "title": "CVE-2023-50868"
    },
    {
      "cve": "CVE-2024-0232",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650777",
          "CSAFPID-1650778",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1751218",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
        }
      ],
      "title": "CVE-2024-0232"
    },
    {
      "cve": "CVE-2024-0397",
      "product_status": {
        "known_affected": [
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0397",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1673530"
          ]
        }
      ],
      "title": "CVE-2024-0397"
    },
    {
      "cve": "CVE-2024-0450",
      "cwe": {
        "id": "CWE-450",
        "name": "Multiple Interpretations of UI Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Multiple Interpretations of UI Input",
          "title": "CWE-450"
        },
        {
          "category": "other",
          "text": "Asymmetric Resource Consumption (Amplification)",
          "title": "CWE-405"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1727475",
          "CSAFPID-1751097"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0450",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1727475",
            "CSAFPID-1751097"
          ]
        }
      ],
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-1442",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-1442",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1442.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-1442"
    },
    {
      "cve": "CVE-2024-2961",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1672762",
          "CSAFPID-1672764",
          "CSAFPID-1672767",
          "CSAFPID-1673396",
          "CSAFPID-1673395",
          "CSAFPID-1673494",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1727475",
          "CSAFPID-1751097",
          "CSAFPID-1751237"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2961",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1672762",
            "CSAFPID-1672764",
            "CSAFPID-1672767",
            "CSAFPID-1673396",
            "CSAFPID-1673395",
            "CSAFPID-1673494",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1727475",
            "CSAFPID-1751097",
            "CSAFPID-1751237"
          ]
        }
      ],
      "title": "CVE-2024-2961"
    },
    {
      "cve": "CVE-2024-3596",
      "cwe": {
        "id": "CWE-924",
        "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
          "title": "CWE-924"
        },
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        },
        {
          "category": "other",
          "text": "Authentication Bypass by Capture-replay",
          "title": "CWE-294"
        },
        {
          "category": "other",
          "text": "Use of Password Hash Instead of Password for Authentication",
          "title": "CWE-836"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        },
        {
          "category": "other",
          "text": "User Interface (UI) Misrepresentation of Critical Information",
          "title": "CWE-451"
        },
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751090",
          "CSAFPID-912079",
          "CSAFPID-220132",
          "CSAFPID-1751253"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-3596",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751090",
            "CSAFPID-912079",
            "CSAFPID-220132",
            "CSAFPID-1751253"
          ]
        }
      ],
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2024-4030",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Default Permissions",
          "title": "CWE-276"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4030",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530"
          ]
        }
      ],
      "title": "CVE-2024-4030"
    },
    {
      "cve": "CVE-2024-4032",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4032",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530"
          ]
        }
      ],
      "title": "CVE-2024-4032"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Dependency on Vulnerable Third-Party Component",
          "title": "CWE-1395"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751090",
          "CSAFPID-1751253"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751090",
            "CSAFPID-1751253"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-6119",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751209"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6119",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751209"
          ]
        }
      ],
      "title": "CVE-2024-6119"
    },
    {
      "cve": "CVE-2024-6162",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-1650751",
          "CSAFPID-1673526",
          "CSAFPID-1673399",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1727475",
          "CSAFPID-1751303",
          "CSAFPID-1650820",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6162",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-1650751",
            "CSAFPID-1673526",
            "CSAFPID-1673399",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1727475",
            "CSAFPID-1751303",
            "CSAFPID-1650820",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-6162"
    },
    {
      "cve": "CVE-2024-6232",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530"
          ]
        }
      ],
      "title": "CVE-2024-6232"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673391",
          "CSAFPID-1673394",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751225",
          "CSAFPID-1751233",
          "CSAFPID-1673530",
          "CSAFPID-1751234",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673391",
            "CSAFPID-1673394",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751225",
            "CSAFPID-1751233",
            "CSAFPID-1673530",
            "CSAFPID-1751234",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-7592",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7592",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-7592"
    },
    {
      "cve": "CVE-2024-7885",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673526",
          "CSAFPID-1673399",
          "CSAFPID-1751080",
          "CSAFPID-1751090",
          "CSAFPID-1751079",
          "CSAFPID-1751225",
          "CSAFPID-1672767",
          "CSAFPID-1751241",
          "CSAFPID-1751081",
          "CSAFPID-1751084",
          "CSAFPID-1673393",
          "CSAFPID-1751085",
          "CSAFPID-1751231"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7885",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7885.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673526",
            "CSAFPID-1673399",
            "CSAFPID-1751080",
            "CSAFPID-1751090",
            "CSAFPID-1751079",
            "CSAFPID-1751225",
            "CSAFPID-1672767",
            "CSAFPID-1751241",
            "CSAFPID-1751081",
            "CSAFPID-1751084",
            "CSAFPID-1673393",
            "CSAFPID-1751085",
            "CSAFPID-1751231"
          ]
        }
      ],
      "title": "CVE-2024-7885"
    },
    {
      "cve": "CVE-2024-8006",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220132",
          "CSAFPID-1751084",
          "CSAFPID-912079"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8006",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220132",
            "CSAFPID-1751084",
            "CSAFPID-912079"
          ]
        }
      ],
      "title": "CVE-2024-8006"
    },
    {
      "cve": "CVE-2024-9143",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751253"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-9143",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
        }
      ],
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2024-22195",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764237",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-764240",
          "CSAFPID-614517",
          "CSAFPID-224795",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-342804",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-764739",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-912073",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-1751225",
          "CSAFPID-1751079",
          "CSAFPID-1751081",
          "CSAFPID-1673393",
          "CSAFPID-1751085"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764237",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-816773",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-764240",
            "CSAFPID-614517",
            "CSAFPID-224795",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-342804",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-219776",
            "CSAFPID-765242",
            "CSAFPID-764739",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-912073",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-1751225",
            "CSAFPID-1751079",
            "CSAFPID-1751081",
            "CSAFPID-1673393",
            "CSAFPID-1751085"
          ]
        }
      ],
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-24786",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24786",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24786.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-24786"
    },
    {
      "cve": "CVE-2024-24791",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751208",
          "CSAFPID-1751209"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24791",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751208",
            "CSAFPID-1751209"
          ]
        }
      ],
      "title": "CVE-2024-24791"
    },
    {
      "cve": "CVE-2024-25638",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        },
        {
          "category": "other",
          "text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
          "title": "CWE-349"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751225",
          "CSAFPID-1751079",
          "CSAFPID-1751229",
          "CSAFPID-1751230",
          "CSAFPID-1751081",
          "CSAFPID-1751084",
          "CSAFPID-1673393",
          "CSAFPID-1751085",
          "CSAFPID-1751231"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25638",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751225",
            "CSAFPID-1751079",
            "CSAFPID-1751229",
            "CSAFPID-1751230",
            "CSAFPID-1751081",
            "CSAFPID-1751084",
            "CSAFPID-1673393",
            "CSAFPID-1751085",
            "CSAFPID-1751231"
          ]
        }
      ],
      "title": "CVE-2024-25638"
    },
    {
      "cve": "CVE-2024-25710",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-912101",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-764240",
          "CSAFPID-614517",
          "CSAFPID-224795",
          "CSAFPID-912102",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-342804",
          "CSAFPID-912080",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-764739",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-912073",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-1727475",
          "CSAFPID-1751218"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25710",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-816773",
            "CSAFPID-912101",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-764240",
            "CSAFPID-614517",
            "CSAFPID-224795",
            "CSAFPID-912102",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-342804",
            "CSAFPID-912080",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-219776",
            "CSAFPID-765242",
            "CSAFPID-764739",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-912073",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-1727475",
            "CSAFPID-1751218"
          ]
        }
      ],
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-224795",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-614517",
          "CSAFPID-764237",
          "CSAFPID-764240",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242",
          "CSAFPID-816348",
          "CSAFPID-816773",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912068",
          "CSAFPID-912073",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-1727475",
          "CSAFPID-1751218",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26308",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-224795",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-614517",
            "CSAFPID-764237",
            "CSAFPID-764240",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242",
            "CSAFPID-816348",
            "CSAFPID-816773",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912068",
            "CSAFPID-912073",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-1727475",
            "CSAFPID-1751218",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-27309",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751233",
          "CSAFPID-1751234",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27309",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27309.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751233",
            "CSAFPID-1751234",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-27309"
    },
    {
      "cve": "CVE-2024-28219",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        },
        {
          "category": "other",
          "text": "Use of Potentially Dangerous Function",
          "title": "CWE-676"
        },
        {
          "category": "other",
          "text": "Integer Overflow to Buffer Overflow",
          "title": "CWE-680"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751079",
          "CSAFPID-1751225",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1751085",
          "CSAFPID-912547"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28219",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751079",
            "CSAFPID-1751225",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1751085",
            "CSAFPID-912547"
          ]
        }
      ],
      "title": "CVE-2024-28219"
    },
    {
      "cve": "CVE-2024-28834",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673481",
          "CSAFPID-1751217",
          "CSAFPID-1503590"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28834",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28834.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673481",
            "CSAFPID-1751217",
            "CSAFPID-1503590"
          ]
        }
      ],
      "title": "CVE-2024-28834"
    },
    {
      "cve": "CVE-2024-28835",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncaught Exception",
          "title": "CWE-248"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673481",
          "CSAFPID-1751217",
          "CSAFPID-1503590"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28835",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28835.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673481",
            "CSAFPID-1751217",
            "CSAFPID-1503590"
          ]
        }
      ],
      "title": "CVE-2024-28835"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673414",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1727475",
          "CSAFPID-1751235",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28849",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673414",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1727475",
            "CSAFPID-1751235",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-28849"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-1650751",
          "CSAFPID-1673494",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1727475",
          "CSAFPID-1751233",
          "CSAFPID-1751218",
          "CSAFPID-1751234",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-1650751",
            "CSAFPID-1673494",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1727475",
            "CSAFPID-1751233",
            "CSAFPID-1751218",
            "CSAFPID-1751234",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650820",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673496",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1673530"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650820",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673496",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1673530"
          ]
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650820",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673496",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1673530",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29133",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650820",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673496",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1673530",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-29133"
    },
    {
      "cve": "CVE-2024-33599",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673396",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1672762",
          "CSAFPID-1673395",
          "CSAFPID-1672764",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673494",
          "CSAFPID-1751237"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33599",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673396",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1672762",
            "CSAFPID-1673395",
            "CSAFPID-1672764",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673494",
            "CSAFPID-1751237"
          ]
        }
      ],
      "title": "CVE-2024-33599"
    },
    {
      "cve": "CVE-2024-33600",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673396",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1672762",
          "CSAFPID-1673395",
          "CSAFPID-1672764",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673494",
          "CSAFPID-1751237"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33600",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673396",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1672762",
            "CSAFPID-1673395",
            "CSAFPID-1672764",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673494",
            "CSAFPID-1751237"
          ]
        }
      ],
      "title": "CVE-2024-33600"
    },
    {
      "cve": "CVE-2024-33601",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        },
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673396",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1672762",
          "CSAFPID-1673395",
          "CSAFPID-1672764",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673494",
          "CSAFPID-1751237"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33601",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673396",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1672762",
            "CSAFPID-1673395",
            "CSAFPID-1672764",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673494",
            "CSAFPID-1751237"
          ]
        }
      ],
      "title": "CVE-2024-33601"
    },
    {
      "cve": "CVE-2024-33602",
      "cwe": {
        "id": "CWE-466",
        "name": "Return of Pointer Value Outside of Expected Range"
      },
      "notes": [
        {
          "category": "other",
          "text": "Return of Pointer Value Outside of Expected Range",
          "title": "CWE-466"
        },
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673396",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1672762",
          "CSAFPID-1673395",
          "CSAFPID-1672764",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673494",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751237"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33602",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673396",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1672762",
            "CSAFPID-1673395",
            "CSAFPID-1672764",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673494",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751237"
          ]
        }
      ],
      "title": "CVE-2024-33602"
    },
    {
      "cve": "CVE-2024-34064",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1727475",
          "CSAFPID-1751238",
          "CSAFPID-1751225",
          "CSAFPID-1751079",
          "CSAFPID-1751081",
          "CSAFPID-1673393",
          "CSAFPID-1751239",
          "CSAFPID-1751082",
          "CSAFPID-1751240",
          "CSAFPID-1672767",
          "CSAFPID-1751241",
          "CSAFPID-1673481",
          "CSAFPID-1751085"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34064",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1727475",
            "CSAFPID-1751238",
            "CSAFPID-1751225",
            "CSAFPID-1751079",
            "CSAFPID-1751081",
            "CSAFPID-1673393",
            "CSAFPID-1751239",
            "CSAFPID-1751082",
            "CSAFPID-1751240",
            "CSAFPID-1672767",
            "CSAFPID-1751241",
            "CSAFPID-1673481",
            "CSAFPID-1751085"
          ]
        }
      ],
      "title": "CVE-2024-34064"
    },
    {
      "cve": "CVE-2024-34750",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Exceptional Conditions",
          "title": "CWE-755"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673481",
          "CSAFPID-1503596",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751242",
          "CSAFPID-1751243",
          "CSAFPID-1751079",
          "CSAFPID-1751225",
          "CSAFPID-1751085"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34750",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673481",
            "CSAFPID-1503596",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751242",
            "CSAFPID-1751243",
            "CSAFPID-1751079",
            "CSAFPID-1751225",
            "CSAFPID-1751085"
          ]
        }
      ],
      "title": "CVE-2024-34750"
    },
    {
      "cve": "CVE-2024-35195",
      "cwe": {
        "id": "CWE-670",
        "name": "Always-Incorrect Control Flow Implementation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Always-Incorrect Control Flow Implementation",
          "title": "CWE-670"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751246",
          "CSAFPID-1751247",
          "CSAFPID-1751248",
          "CSAFPID-1673530",
          "CSAFPID-1673393",
          "CSAFPID-1751239",
          "CSAFPID-220132",
          "CSAFPID-1751082",
          "CSAFPID-1672767",
          "CSAFPID-1751241",
          "CSAFPID-912079",
          "CSAFPID-916906",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751246",
            "CSAFPID-1751247",
            "CSAFPID-1751248",
            "CSAFPID-1673530",
            "CSAFPID-1673393",
            "CSAFPID-1751239",
            "CSAFPID-220132",
            "CSAFPID-1751082",
            "CSAFPID-1672767",
            "CSAFPID-1751241",
            "CSAFPID-912079",
            "CSAFPID-916906",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-35195"
    },
    {
      "cve": "CVE-2024-37370",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673413",
          "CSAFPID-1673414",
          "CSAFPID-1673396",
          "CSAFPID-1503590",
          "CSAFPID-1673393",
          "CSAFPID-1673395",
          "CSAFPID-1673399",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673392",
          "CSAFPID-1503589",
          "CSAFPID-1673415",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1751237",
          "CSAFPID-1751254",
          "CSAFPID-1751217",
          "CSAFPID-1673481",
          "CSAFPID-1751255"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37370",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673413",
            "CSAFPID-1673414",
            "CSAFPID-1673396",
            "CSAFPID-1503590",
            "CSAFPID-1673393",
            "CSAFPID-1673395",
            "CSAFPID-1673399",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673392",
            "CSAFPID-1503589",
            "CSAFPID-1673415",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1751237",
            "CSAFPID-1751254",
            "CSAFPID-1751217",
            "CSAFPID-1673481",
            "CSAFPID-1751255"
          ]
        }
      ],
      "title": "CVE-2024-37370"
    },
    {
      "cve": "CVE-2024-37371",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673413",
          "CSAFPID-1673414",
          "CSAFPID-1673396",
          "CSAFPID-1503590",
          "CSAFPID-1673393",
          "CSAFPID-1673395",
          "CSAFPID-1673399",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673392",
          "CSAFPID-1503589",
          "CSAFPID-1673415",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751237",
          "CSAFPID-1751254",
          "CSAFPID-1751217",
          "CSAFPID-1673481",
          "CSAFPID-1751255",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37371",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673413",
            "CSAFPID-1673414",
            "CSAFPID-1673396",
            "CSAFPID-1503590",
            "CSAFPID-1673393",
            "CSAFPID-1673395",
            "CSAFPID-1673399",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673392",
            "CSAFPID-1503589",
            "CSAFPID-1673415",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751237",
            "CSAFPID-1751254",
            "CSAFPID-1751217",
            "CSAFPID-1673481",
            "CSAFPID-1751255",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-37891",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Resource Transfer Between Spheres",
          "title": "CWE-669"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673396",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751225",
          "CSAFPID-1751254",
          "CSAFPID-1673530",
          "CSAFPID-1751217",
          "CSAFPID-1751255",
          "CSAFPID-816790",
          "CSAFPID-1751258",
          "CSAFPID-1673481",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673396",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751225",
            "CSAFPID-1751254",
            "CSAFPID-1673530",
            "CSAFPID-1751217",
            "CSAFPID-1751255",
            "CSAFPID-816790",
            "CSAFPID-1751258",
            "CSAFPID-1673481",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38475",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        },
        {
          "category": "other",
          "text": "Path Traversal: \u0027.../...//\u0027",
          "title": "CWE-35"
        },
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Use of Hard-coded Credentials",
          "title": "CWE-798"
        },
        {
          "category": "other",
          "text": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
          "title": "CWE-338"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38475",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json"
        }
      ],
      "title": "CVE-2024-38475"
    },
    {
      "cve": "CVE-2024-38807",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751090",
          "CSAFPID-1751233",
          "CSAFPID-1751234",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38807",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38807.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751090",
            "CSAFPID-1751233",
            "CSAFPID-1751234",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-38807"
    },
    {
      "cve": "CVE-2024-38809",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673393"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38809",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-1673393"
          ]
        }
      ],
      "title": "CVE-2024-38809"
    },
    {
      "cve": "CVE-2024-38816",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1751081",
          "CSAFPID-1673393",
          "CSAFPID-1751079",
          "CSAFPID-1751080",
          "CSAFPID-1751084",
          "CSAFPID-1751085",
          "CSAFPID-1751082",
          "CSAFPID-1751225"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38816",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1751081",
            "CSAFPID-1673393",
            "CSAFPID-1751079",
            "CSAFPID-1751080",
            "CSAFPID-1751084",
            "CSAFPID-1751085",
            "CSAFPID-1751082",
            "CSAFPID-1751225"
          ]
        }
      ],
      "title": "CVE-2024-38816"
    },
    {
      "cve": "CVE-2024-38819",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673393",
          "CSAFPID-1751079",
          "CSAFPID-1751080",
          "CSAFPID-1751081",
          "CSAFPID-1751082",
          "CSAFPID-1751084",
          "CSAFPID-1751085",
          "CSAFPID-1751225",
          "CSAFPID-1672767",
          "CSAFPID-1751241"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38819",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673393",
            "CSAFPID-1751079",
            "CSAFPID-1751080",
            "CSAFPID-1751081",
            "CSAFPID-1751082",
            "CSAFPID-1751084",
            "CSAFPID-1751085",
            "CSAFPID-1751225",
            "CSAFPID-1672767",
            "CSAFPID-1751241"
          ]
        }
      ],
      "title": "CVE-2024-38819"
    },
    {
      "cve": "CVE-2024-38820",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751079",
          "CSAFPID-1751225",
          "CSAFPID-1751081",
          "CSAFPID-1751084",
          "CSAFPID-1673393",
          "CSAFPID-1751080",
          "CSAFPID-1751082",
          "CSAFPID-1751085",
          "CSAFPID-1672767",
          "CSAFPID-1751241"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38820",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751079",
            "CSAFPID-1751225",
            "CSAFPID-1751081",
            "CSAFPID-1751084",
            "CSAFPID-1673393",
            "CSAFPID-1751080",
            "CSAFPID-1751082",
            "CSAFPID-1751085",
            "CSAFPID-1672767",
            "CSAFPID-1751241"
          ]
        }
      ],
      "title": "CVE-2024-38820"
    },
    {
      "cve": "CVE-2024-38827",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751225",
          "CSAFPID-1751079",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-1673393",
          "CSAFPID-1751085",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38827",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751225",
            "CSAFPID-1751079",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-1673393",
            "CSAFPID-1751085",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-38827"
    },
    {
      "cve": "CVE-2024-38998",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751225",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-912073",
          "CSAFPID-1751254",
          "CSAFPID-1751079",
          "CSAFPID-1751242",
          "CSAFPID-1751234",
          "CSAFPID-1673496",
          "CSAFPID-1751233",
          "CSAFPID-1751255",
          "CSAFPID-1673481",
          "CSAFPID-1751085",
          "CSAFPID-220132",
          "CSAFPID-912079"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751225",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-912073",
            "CSAFPID-1751254",
            "CSAFPID-1751079",
            "CSAFPID-1751242",
            "CSAFPID-1751234",
            "CSAFPID-1673496",
            "CSAFPID-1751233",
            "CSAFPID-1751255",
            "CSAFPID-1673481",
            "CSAFPID-1751085",
            "CSAFPID-220132",
            "CSAFPID-912079"
          ]
        }
      ],
      "title": "CVE-2024-38998"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751225",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-912073",
          "CSAFPID-1751254",
          "CSAFPID-1751079",
          "CSAFPID-1751242",
          "CSAFPID-1751234",
          "CSAFPID-1673496",
          "CSAFPID-1751233",
          "CSAFPID-1751255",
          "CSAFPID-1673481",
          "CSAFPID-1751085",
          "CSAFPID-220132",
          "CSAFPID-912079"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751225",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-912073",
            "CSAFPID-1751254",
            "CSAFPID-1751079",
            "CSAFPID-1751242",
            "CSAFPID-1751234",
            "CSAFPID-1673496",
            "CSAFPID-1751233",
            "CSAFPID-1751255",
            "CSAFPID-1673481",
            "CSAFPID-1751085",
            "CSAFPID-220132",
            "CSAFPID-912079"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-41817",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Search Path Element",
          "title": "CWE-427"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673382",
          "CSAFPID-1650731",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-220132",
          "CSAFPID-912079"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41817",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673382",
            "CSAFPID-1650731",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-220132",
            "CSAFPID-912079"
          ]
        }
      ],
      "title": "CVE-2024-41817"
    },
    {
      "cve": "CVE-2024-45490",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "other",
          "text": "Incorrect Calculation of Buffer Size",
          "title": "CWE-131"
        },
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673382",
          "CSAFPID-1673399",
          "CSAFPID-1650731",
          "CSAFPID-1673517",
          "CSAFPID-1673396",
          "CSAFPID-1673414",
          "CSAFPID-1503590"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45490",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673382",
            "CSAFPID-1673399",
            "CSAFPID-1650731",
            "CSAFPID-1673517",
            "CSAFPID-1673396",
            "CSAFPID-1673414",
            "CSAFPID-1503590"
          ]
        }
      ],
      "title": "CVE-2024-45490"
    },
    {
      "cve": "CVE-2024-45491",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673382",
          "CSAFPID-1673399",
          "CSAFPID-1650731",
          "CSAFPID-1673517",
          "CSAFPID-1673396",
          "CSAFPID-1673414",
          "CSAFPID-1503590"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45491",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673382",
            "CSAFPID-1673399",
            "CSAFPID-1650731",
            "CSAFPID-1673517",
            "CSAFPID-1673396",
            "CSAFPID-1673414",
            "CSAFPID-1503590"
          ]
        }
      ],
      "title": "CVE-2024-45491"
    },
    {
      "cve": "CVE-2024-45492",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673382",
          "CSAFPID-1673399",
          "CSAFPID-1650731",
          "CSAFPID-1673517",
          "CSAFPID-1673396",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1673414",
          "CSAFPID-1503590"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45492",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673382",
            "CSAFPID-1673399",
            "CSAFPID-1650731",
            "CSAFPID-1673517",
            "CSAFPID-1673396",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1673414",
            "CSAFPID-1503590"
          ]
        }
      ],
      "title": "CVE-2024-45492"
    },
    {
      "cve": "CVE-2024-47535",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751233",
          "CSAFPID-1751234",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751233",
            "CSAFPID-1751234",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-47535"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751292",
          "CSAFPID-1751234",
          "CSAFPID-1751294",
          "CSAFPID-1751233",
          "CSAFPID-1751295",
          "CSAFPID-1751296",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751292",
            "CSAFPID-1751234",
            "CSAFPID-1751294",
            "CSAFPID-1751233",
            "CSAFPID-1751295",
            "CSAFPID-1751296",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-47561",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751296",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751296",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2024-47803",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Generation of Error Message Containing Sensitive Information",
          "title": "CWE-209"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751079",
          "CSAFPID-1751225",
          "CSAFPID-1672767",
          "CSAFPID-1751300",
          "CSAFPID-1751241",
          "CSAFPID-1751081",
          "CSAFPID-1751084",
          "CSAFPID-1673393",
          "CSAFPID-1751085"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47803",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47803.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751079",
            "CSAFPID-1751225",
            "CSAFPID-1672767",
            "CSAFPID-1751300",
            "CSAFPID-1751241",
            "CSAFPID-1751081",
            "CSAFPID-1751084",
            "CSAFPID-1673393",
            "CSAFPID-1751085"
          ]
        }
      ],
      "title": "CVE-2024-47803"
    },
    {
      "cve": "CVE-2024-47804",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "Insufficient Granularity of Access Control",
          "title": "CWE-1220"
        },
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751225",
          "CSAFPID-1751079",
          "CSAFPID-1672767",
          "CSAFPID-1751300",
          "CSAFPID-1751241",
          "CSAFPID-1751081",
          "CSAFPID-1751084",
          "CSAFPID-1673393",
          "CSAFPID-1751085"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47804",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47804.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751225",
            "CSAFPID-1751079",
            "CSAFPID-1672767",
            "CSAFPID-1751300",
            "CSAFPID-1751241",
            "CSAFPID-1751081",
            "CSAFPID-1751084",
            "CSAFPID-1673393",
            "CSAFPID-1751085"
          ]
        }
      ],
      "title": "CVE-2024-47804"
    },
    {
      "cve": "CVE-2024-49766",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751208",
          "CSAFPID-1751246",
          "CSAFPID-1751209"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-49766",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49766.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751208",
            "CSAFPID-1751246",
            "CSAFPID-1751209"
          ]
        }
      ],
      "title": "CVE-2024-49766"
    },
    {
      "cve": "CVE-2024-49767",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751208",
          "CSAFPID-1751080",
          "CSAFPID-1751079",
          "CSAFPID-1751225",
          "CSAFPID-1751082",
          "CSAFPID-1751300",
          "CSAFPID-1751246",
          "CSAFPID-1751209",
          "CSAFPID-1673393",
          "CSAFPID-1751085",
          "CSAFPID-1751231"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-49767",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49767.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751208",
            "CSAFPID-1751080",
            "CSAFPID-1751079",
            "CSAFPID-1751225",
            "CSAFPID-1751082",
            "CSAFPID-1751300",
            "CSAFPID-1751246",
            "CSAFPID-1751209",
            "CSAFPID-1673393",
            "CSAFPID-1751085",
            "CSAFPID-1751231"
          ]
        }
      ],
      "title": "CVE-2024-49767"
    },
    {
      "cve": "CVE-2024-50379",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816790"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50379",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816790"
          ]
        }
      ],
      "title": "CVE-2024-50379"
    },
    {
      "cve": "CVE-2024-50602",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751225",
          "CSAFPID-1751079",
          "CSAFPID-1751082",
          "CSAFPID-1751085"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50602",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751225",
            "CSAFPID-1751079",
            "CSAFPID-1751082",
            "CSAFPID-1751085"
          ]
        }
      ],
      "title": "CVE-2024-50602"
    },
    {
      "cve": "CVE-2024-53677",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "other",
          "text": "Unrestricted Upload of File with Dangerous Type",
          "title": "CWE-434"
        },
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816790"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-53677",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53677.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816790"
          ]
        }
      ],
      "title": "CVE-2024-53677"
    },
    {
      "cve": "CVE-2024-54677",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816790"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-54677",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816790"
          ]
        }
      ],
      "title": "CVE-2024-54677"
    },
    {
      "cve": "CVE-2024-56337",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816790"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-56337",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816790"
          ]
        }
      ],
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2025-21542",
      "product_status": {
        "known_affected": [
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673496",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21542",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21542.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673496",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2025-21542"
    },
    {
      "cve": "CVE-2025-21544",
      "product_status": {
        "known_affected": [
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673496",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21544",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21544.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673496",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2025-21544"
    },
    {
      "cve": "CVE-2025-21554",
      "product_status": {
        "known_affected": [
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673496",
          "CSAFPID-1751377",
          "CSAFPID-1751378",
          "CSAFPID-1751379",
          "CSAFPID-1751380",
          "CSAFPID-1751381",
          "CSAFPID-1751382",
          "CSAFPID-1751383",
          "CSAFPID-1674619",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1751384",
          "CSAFPID-1751385",
          "CSAFPID-1751386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21554",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673496",
            "CSAFPID-1751377",
            "CSAFPID-1751378",
            "CSAFPID-1751379",
            "CSAFPID-1751380",
            "CSAFPID-1751381",
            "CSAFPID-1751382",
            "CSAFPID-1751383",
            "CSAFPID-1674619",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1751384",
            "CSAFPID-1751385",
            "CSAFPID-1751386"
          ]
        }
      ],
      "title": "CVE-2025-21554"
    }
  ]
}

OPENSUSE-SU-2024:13791-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

apache-commons-configuration2-2.10.1-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: apache-commons-configuration2-2.10.1-1.1 on GA media

Description of the patch: These are all security issues fixed in the apache-commons-configuration2-2.10.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13791

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2024-29131/	self
https://www.suse.com/security/cve/CVE-2024-29133/	self
https://www.suse.com/security/cve/CVE-2024-29131	external
https://bugzilla.suse.com/1221797	external
https://www.suse.com/security/cve/CVE-2024-29133	external
https://bugzilla.suse.com/1221793	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "apache-commons-configuration2-2.10.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the apache-commons-configuration2-2.10.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13791",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13791-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29131 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29133 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29133/"
      }
    ],
    "title": "apache-commons-configuration2-2.10.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13791-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-2.10.1-1.1.aarch64",
                "product": {
                  "name": "apache-commons-configuration2-2.10.1-1.1.aarch64",
                  "product_id": "apache-commons-configuration2-2.10.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
                "product": {
                  "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
                  "product_id": "apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-2.10.1-1.1.ppc64le",
                "product": {
                  "name": "apache-commons-configuration2-2.10.1-1.1.ppc64le",
                  "product_id": "apache-commons-configuration2-2.10.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
                "product": {
                  "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
                  "product_id": "apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-2.10.1-1.1.s390x",
                "product": {
                  "name": "apache-commons-configuration2-2.10.1-1.1.s390x",
                  "product_id": "apache-commons-configuration2-2.10.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
                "product": {
                  "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
                  "product_id": "apache-commons-configuration2-javadoc-2.10.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-2.10.1-1.1.x86_64",
                "product": {
                  "name": "apache-commons-configuration2-2.10.1-1.1.x86_64",
                  "product_id": "apache-commons-configuration2-2.10.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64",
                "product": {
                  "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64",
                  "product_id": "apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64"
        },
        "product_reference": "apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le"
        },
        "product_reference": "apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x"
        },
        "product_reference": "apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
        },
        "product_reference": "apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-29131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x",
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29131",
          "url": "https://www.suse.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221797 for CVE-2024-29131",
          "url": "https://bugzilla.suse.com/1221797"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-29133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x",
          "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
          "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29133",
          "url": "https://www.suse.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221793 for CVE-2024-29133",
          "url": "https://bugzilla.suse.com/1221793"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-2.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-configuration2-javadoc-2.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-29133"
    }
  ]
}

RHSA-2024:2945

Vulnerability from csaf_redhat - Published: 2024-05-21 14:18 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update

Severity

Important

Notes

Topic: Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * (CVE-2023-6717) keycloak: XSS via assertion consumer service URL in SAML POST-binding flow * (CVE-2024-1132) keycloak: path transversal in redirection validation * (CVE-2024-1249) keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS * (CVE-2024-22259) springframework: URL Parsing with Host Validation * (CVE-2022-41678) Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE * (CVE-2023-44981) zookeeper: Authorization Bypass in Apache ZooKeeper * (CVE-2023-6378) logback: serialization vulnerability in logback receiver * (CVE-2023-6481) logback: A serialization vulnerability in logback receiver * (CVE-2024-29025) netty-codec-http: Allocation of Resources Without Limits or Throttling * (CVE-2024-29131) commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() * (CVE-2024-29133) commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-41678

A vulnerability in ActiveMQ's Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia's HttpRequestHandler, allowing an attacker to exploit the jdk.management.jfr.FlightRecorderMXBeanImpl class in Java 11 or higher. By crafting specific requests, an attacker could inject and execute a webshell, leading to remote code execution. This poses a significant security risk, especially in environments where Jolokia is enabled and not properly secured.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6378

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-499 - Serializable Class Containing Sensitive Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6481

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

6.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44981

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CWE-346 - Origin Validation Error

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22259

A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-29025

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-29131

A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-29133

A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Low

References

71 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2945	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2243436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2252185	external
https://bugzilla.redhat.com/show_bug.cgi?id=2252230	external
https://bugzilla.redhat.com/show_bug.cgi?id=2252956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2253952	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262918	external
https://bugzilla.redhat.com/show_bug.cgi?id=2269846	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272907	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-41678	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252185	external
https://www.cve.org/CVERecord?id=CVE-2022-41678	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41678	external
https://access.redhat.com/security/cve/CVE-2023-6378	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252230	external
https://www.cve.org/CVERecord?id=CVE-2023-6378	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6378	external
https://access.redhat.com/security/cve/CVE-2023-6481	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252956	external
https://www.cve.org/CVERecord?id=CVE-2023-6481	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6481	external
https://access.redhat.com/security/cve/CVE-2023-6717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2253952	external
https://www.cve.org/CVERecord?id=CVE-2023-6717	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6717	external
https://access.redhat.com/security/cve/CVE-2023-44981	self
https://bugzilla.redhat.com/show_bug.cgi?id=2243436	external
https://www.cve.org/CVERecord?id=CVE-2023-44981	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44981	external
https://lists.apache.org/thread/wf0yrk84dg1942z1o…	external
https://access.redhat.com/security/cve/CVE-2024-1132	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://www.cve.org/CVERecord?id=CVE-2024-1132	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1132	external
https://access.redhat.com/security/cve/CVE-2024-1249	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262918	external
https://www.cve.org/CVERecord?id=CVE-2024-1249	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1249	external
https://access.redhat.com/security/cve/CVE-2024-22259	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269846	external
https://www.cve.org/CVERecord?id=CVE-2024-22259	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22259	external
https://spring.io/security/cve-2024-22259	external
https://access.redhat.com/security/cve/CVE-2024-29025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272907	external
https://www.cve.org/CVERecord?id=CVE-2024-29025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29025	external
https://gist.github.com/vietj/f558b8ea81ec6505f1e…	external
https://github.com/netty/netty/commit/0d0c6ed782d…	external
https://github.com/netty/netty/security/advisorie…	external
https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812	external
https://access.redhat.com/security/cve/CVE-2024-29131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://www.cve.org/CVERecord?id=CVE-2024-29131	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29131	external
https://github.com/apache/commons-configuration/c…	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-840	external
https://access.redhat.com/security/cve/CVE-2024-29133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://www.cve.org/CVERecord?id=CVE-2024-29133	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29133	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-841	external

Acknowledgments

Axel Flamcourt

Adriano Márcio Monteiro

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2023-6717) keycloak: XSS via assertion consumer service URL in SAML POST-binding flow\n* (CVE-2024-1132) keycloak: path transversal in redirection validation\n* (CVE-2024-1249) keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS\n* (CVE-2024-22259) springframework: URL Parsing with Host Validation\n* (CVE-2022-41678) Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE\n* (CVE-2023-44981) zookeeper: Authorization Bypass in Apache ZooKeeper\n* (CVE-2023-6378) logback: serialization vulnerability in logback receiver\n* (CVE-2023-6481) logback: A serialization vulnerability in logback receiver\n* (CVE-2024-29025) netty-codec-http: Allocation of Resources Without Limits or Throttling\n* (CVE-2024-29131) commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()\n* (CVE-2024-29133) commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2945",
        "url": "https://access.redhat.com/errata/RHSA-2024:2945"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.12",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.12"
      },
      {
        "category": "external",
        "summary": "2243436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
      },
      {
        "category": "external",
        "summary": "2252185",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
      },
      {
        "category": "external",
        "summary": "2252230",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
      },
      {
        "category": "external",
        "summary": "2252956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
      },
      {
        "category": "external",
        "summary": "2253952",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
      },
      {
        "category": "external",
        "summary": "2262117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
      },
      {
        "category": "external",
        "summary": "2262918",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
      },
      {
        "category": "external",
        "summary": "2269846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"
      },
      {
        "category": "external",
        "summary": "2270673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
      },
      {
        "category": "external",
        "summary": "2270674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
      },
      {
        "category": "external",
        "summary": "2272907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2945.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:08+00:00",
      "generator": {
        "date": "2026-06-10T08:37:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2024:2945",
      "initial_release_date": "2024-05-21T14:18:30+00:00",
      "revision_history": [
        {
          "date": "2024-05-21T14:18:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-21T14:18:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Broker 7",
                "product": {
                  "name": "Red Hat AMQ Broker 7",
                  "product_id": "Red Hat AMQ Broker 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_broker:7.12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41678",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2023-11-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252185"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in ActiveMQ\u0027s Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia\u0027s HttpRequestHandler, allowing an attacker to exploit the jdk.management.jfr.FlightRecorderMXBeanImpl class in Java 11 or higher. By crafting specific requests, an attacker could inject and execute a webshell, leading to remote code execution. This poses a significant security risk, especially in environments where Jolokia is enabled and not properly secured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered moderate severity due to the requirement of authenticated access to exploit the flaw, significantly reducing the risk to systems that enforce strong authentication controls. While it does allow for remote code execution through Jolokia\u0027s request handling and Java Management Extensions (JMX), the exploitation pathway is complex and relies on specific conditions, such as the presence of Java 11 or higher and misconfigured or permissive Jolokia settings. an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment.Only an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment. In environments where authentication is well-managed and Jolokia is correctly configured or disabled, the likelihood of successful exploitation is reduced, mitigating the overall impact on system security.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41678"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252185",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678"
        }
      ],
      "release_date": "2023-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE"
    },
    {
      "cve": "CVE-2023-6378",
      "cwe": {
        "id": "CWE-499",
        "name": "Serializable Class Containing Sensitive Data"
      },
      "discovery_date": "2023-11-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252230"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "logback: serialization vulnerability in logback receiver",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6378"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252230",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
        }
      ],
      "release_date": "2023-11-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "logback: serialization vulnerability in logback receiver"
    },
    {
      "cve": "CVE-2023-6481",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027) via the logback receiver component. This flaw allows an  attacker to mount a denial-of-service attack by sending poisoned data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "logback: A serialization vulnerability in logback receiver",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The security vulnerability in the logback package is considered of moderate severity due to its potential for facilitating a denial-of-service (DoS) attack. While a DoS attack can disrupt service availability, this vulnerability may not lead to more severe consequences such as unauthorized access or data breaches.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6481"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6481",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "logback: A serialization vulnerability in logback receiver"
    },
    {
      "cve": "CVE-2023-6717",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2253952"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2253952",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow"
    },
    {
      "cve": "CVE-2023-44981",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "discovery_date": "2023-10-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2243436"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zookeeper: Authorization Bypass in Apache ZooKeeper",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat AMQ 7 Broker and Red Hat AMQ Streams 2 use Zookeeper but do not use or enable the vulnerable functionality, Peer Authentication. They are affected at Moderate Impact by this flaw.\n\nRed Hat Fuse 7 uses Zookeeper but does not use any of its server capabilities and as such is not vulnerable, and so is affected at Low Impact by this flaw.\n\nRed Hat Process Automation Manager 7 and Red Hat Decision Manager 7 do not ship zookeeper, and so are not affected by this flaw.\n\nRed Hat Fuse 6 and AMQ 6 use Zookeeper but are not vulnerable to this flaw, and have been assessed as Important Impact and are as such out of security support scope for this flaw.\n\nRed Hat Business Process Manager Suite 6, Red Hat Business Rules Management Suite 6, Red Hat JBoss Data Virtualization 6, Red Hat OpenShift Application Runtime Vert-x, and Red Hat Fuse Service Works 6 are out of security support scope for this flaw.\n\nAs no Red Hat products are affected at Critical Impact by this flaw, its overall impact has been reduced to Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "RHBZ#2243436",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b",
          "url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
        }
      ],
      "release_date": "2023-10-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "According to Apache\u0027s document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "zookeeper: Authorization Bypass in Apache ZooKeeper"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Axel Flamcourt"
          ]
        }
      ],
      "cve": "CVE-2024-1132",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262117"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path transversal in redirection validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262117",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path transversal in redirection validation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adriano M\u00e1rcio Monteiro"
          ]
        }
      ],
      "cve": "CVE-2024-1249",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "discovery_date": "2024-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262918"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1249"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262918",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS"
    },
    {
      "cve": "CVE-2024-22259",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2024-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: URL Parsing with Host Validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22259"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
        },
        {
          "category": "external",
          "summary": "https://spring.io/security/cve-2024-22259",
          "url": "https://spring.io/security/cve-2024-22259"
        }
      ],
      "release_date": "2024-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "springframework: URL Parsing with Host Validation"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
          "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
          "url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
        }
      ],
      "release_date": "2024-03-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
          "url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
          "url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
          "url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
    }
  ]
}

RHSA-2024:3920

Vulnerability from csaf_redhat - Published: 2024-06-13 11:02 - Updated: 2026-06-02 17:42

Summary

Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Severity

Important

Notes

Topic: Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Migration Toolkit for Runtimes 1.2.6 ZIP artifacts Security Fix(es): * axios: exposure of confidential data stored in cookies (CVE-2023-45857) * follow-redirects: Possible credential leak (CVE-2024-28849) * commons-configuration2: various flaws (CVE-2024-29131) * commons-configuration2: various flaws (CVE-2024-29133) * webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-45857

A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-28849

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-29180

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Important

References

32 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3920	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://issues.redhat.com/browse/WINDUPRULE-1049	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-45857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248979	external
https://www.cve.org/CVERecord?id=CVE-2023-45857	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45857	external
https://access.redhat.com/security/cve/CVE-2024-28849	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://www.cve.org/CVERecord?id=CVE-2024-28849	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28849	external
https://github.com/follow-redirects/follow-redire…	external
https://access.redhat.com/security/cve/CVE-2024-29131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://www.cve.org/CVERecord?id=CVE-2024-29131	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29131	external
https://github.com/apache/commons-configuration/c…	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-840	external
https://access.redhat.com/security/cve/CVE-2024-29133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://www.cve.org/CVERecord?id=CVE-2024-29133	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29133	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-841	external
https://access.redhat.com/security/cve/CVE-2024-29180	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270863	external
https://www.cve.org/CVERecord?id=CVE-2024-29180	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29180	external
https://github.com/webpack/webpack-dev-middleware…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Runtimes 1.2.6 release\nRed Hat Product Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Runtimes 1.2.6 ZIP artifacts\n\nSecurity Fix(es):\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n* commons-configuration2: various flaws (CVE-2024-29131)\n* commons-configuration2: various flaws (CVE-2024-29133)\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3920",
        "url": "https://access.redhat.com/errata/RHSA-2024:3920"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions"
      },
      {
        "category": "external",
        "summary": "WINDUPRULE-1049",
        "url": "https://issues.redhat.com/browse/WINDUPRULE-1049"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3920.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-02T17:42:32+00:00",
      "generator": {
        "date": "2026-06-02T17:42:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:3920",
      "initial_release_date": "2024-06-13T11:02:36+00:00",
      "revision_history": [
        {
          "date": "2024-06-13T11:02:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-13T11:02:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:42:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                "product": {
                  "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_id": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Runtimes"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45857",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-11-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248979"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: exposure of confidential data stored in cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248979",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
        }
      ],
      "release_date": "2023-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: exposure of confidential data stored in cookies"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Possible credential leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
        }
      ],
      "release_date": "2024-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Possible credential leak"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
          "url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
          "url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
          "url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
    },
    {
      "cve": "CVE-2024-29180",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270863"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270863",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
          "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
        }
      ],
      "release_date": "2024-03-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
    }
  ]
}

RHSA-2024:3989

Vulnerability from csaf_redhat - Published: 2024-06-20 00:34 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Severity

Important

Notes

Topic: Migration Toolkit for Applications 6.2.3 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Migration Toolkit for Applications 6.2.3 Images Security Fix(es) from Bugzilla: * keycloak: path transversal in redirection validation (CVE-2024-1132) * webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) * axios: exposure of confidential data stored in cookies (CVE-2023-45857) * css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364) * css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631) * follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159) * io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023) * io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) * commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710) * commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308) * follow-redirects: Possible credential leak (CVE-2024-28849) * jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479) * commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133) * commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)

CVE-2023-26159

An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64	—	Workaround

Threats

Impact Moderate

CVE-2023-26364

A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2023-36479

A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-149 - Improper Neutralization of Quoting Syntax

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—

Threats

Impact Low

CVE-2023-45857

A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2023-48631

A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-1132

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Important

CVE-2024-1300

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-25710

A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-26308

An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-28849

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—	Vendor Fix fix
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix

Known not affected 4 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64		—

Threats

Impact Moderate

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Low

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Low

CVE-2024-29180

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—	Vendor Fix fix Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 4 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround

Threats

Impact Important

References

90 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3989	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2239630	external
https://bugzilla.redhat.com/show_bug.cgi?id=2248979	external
https://bugzilla.redhat.com/show_bug.cgi?id=2250364	external
https://bugzilla.redhat.com/show_bug.cgi?id=2254559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2256413	external
https://bugzilla.redhat.com/show_bug.cgi?id=2260840	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264988	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264989	external
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270863	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-26159	self
https://bugzilla.redhat.com/show_bug.cgi?id=2256413	external
https://www.cve.org/CVERecord?id=CVE-2023-26159	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26159	external
https://access.redhat.com/security/cve/CVE-2023-26364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2250364	external
https://www.cve.org/CVERecord?id=CVE-2023-26364	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26364	external
https://github.com/adobe/css-tools/security/advis…	external
https://access.redhat.com/security/cve/CVE-2023-36479	self
https://bugzilla.redhat.com/show_bug.cgi?id=2239630	external
https://www.cve.org/CVERecord?id=CVE-2023-36479	external
https://nvd.nist.gov/vuln/detail/CVE-2023-36479	external
https://access.redhat.com/security/cve/CVE-2023-45857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248979	external
https://www.cve.org/CVERecord?id=CVE-2023-45857	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45857	external
https://access.redhat.com/security/cve/CVE-2023-48631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2254559	external
https://www.cve.org/CVERecord?id=CVE-2023-48631	external
https://nvd.nist.gov/vuln/detail/CVE-2023-48631	external
https://github.com/adobe/css-tools/security/advis…	external
https://access.redhat.com/security/cve/CVE-2024-1023	self
https://bugzilla.redhat.com/show_bug.cgi?id=2260840	external
https://www.cve.org/CVERecord?id=CVE-2024-1023	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1023	external
https://github.com/eclipse-vertx/vert.x/issues/5078	external
https://github.com/eclipse-vertx/vert.x/pull/5080	external
https://github.com/eclipse-vertx/vert.x/pull/5082	external
https://access.redhat.com/security/cve/CVE-2024-1132	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://www.cve.org/CVERecord?id=CVE-2024-1132	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1132	external
https://access.redhat.com/security/cve/CVE-2024-1300	self
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	external
https://www.cve.org/CVERecord?id=CVE-2024-1300	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1300	external
https://vertx.io/docs/vertx-core/java/#_server_na…	external
https://access.redhat.com/security/cve/CVE-2024-25710	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264988	external
https://www.cve.org/CVERecord?id=CVE-2024-25710	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25710	external
http://www.openwall.com/lists/oss-security/2024/02/19/1	external
https://lists.apache.org/thread/cz8qkcwphy4cx8glt…	external
https://access.redhat.com/security/cve/CVE-2024-26308	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264989	external
https://www.cve.org/CVERecord?id=CVE-2024-26308	external
https://nvd.nist.gov/vuln/detail/CVE-2024-26308	external
https://lists.apache.org/thread/ch5yo2d21p7vlqrhl…	external
https://www.openwall.com/lists/oss-security/2024/…	external
https://access.redhat.com/security/cve/CVE-2024-28849	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://www.cve.org/CVERecord?id=CVE-2024-28849	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28849	external
https://github.com/follow-redirects/follow-redire…	external
https://access.redhat.com/security/cve/CVE-2024-29131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://www.cve.org/CVERecord?id=CVE-2024-29131	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29131	external
https://github.com/apache/commons-configuration/c…	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-840	external
https://access.redhat.com/security/cve/CVE-2024-29133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://www.cve.org/CVERecord?id=CVE-2024-29133	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29133	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-841	external
https://access.redhat.com/security/cve/CVE-2024-29180	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270863	external
https://www.cve.org/CVERecord?id=CVE-2024-29180	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29180	external
https://github.com/webpack/webpack-dev-middleware…	external

Acknowledgments

Axel Flamcourt

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Applications 6.2.3 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Applications 6.2.3 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* keycloak: path transversal in redirection validation (CVE-2024-1132)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n\n* commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133)\n\n* commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3989",
        "url": "https://access.redhat.com/errata/RHSA-2024:3989"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2239630",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
      },
      {
        "category": "external",
        "summary": "2248979",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
      },
      {
        "category": "external",
        "summary": "2250364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
      },
      {
        "category": "external",
        "summary": "2254559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
      },
      {
        "category": "external",
        "summary": "2256413",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
      },
      {
        "category": "external",
        "summary": "2260840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
      },
      {
        "category": "external",
        "summary": "2262117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
      },
      {
        "category": "external",
        "summary": "2263139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
      },
      {
        "category": "external",
        "summary": "2264988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
      },
      {
        "category": "external",
        "summary": "2264989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
      },
      {
        "category": "external",
        "summary": "2269576",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
      },
      {
        "category": "external",
        "summary": "2270673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
      },
      {
        "category": "external",
        "summary": "2270674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
      },
      {
        "category": "external",
        "summary": "2270863",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3989.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:09+00:00",
      "generator": {
        "date": "2026-06-10T08:37:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2024:3989",
      "initial_release_date": "2024-06-20T00:34:55+00:00",
      "revision_history": [
        {
          "date": "2024-06-20T00:34:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-20T00:34:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "MTA 6.2 for RHEL 8",
                "product": {
                  "name": "MTA 6.2 for RHEL 8",
                  "product_id": "9Base-MTA-6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "MTA 6.2 for RHEL 8",
                "product": {
                  "name": "MTA 6.2 for RHEL 8",
                  "product_id": "8Base-MTA-6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Applications"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
                "product": {
                  "name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
                  "product_id": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel9\u0026tag=6.2.3-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
                "product": {
                  "name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
                  "product_id": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-operator-bundle\u0026tag=6.2.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
                "product": {
                  "name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
                  "product_id": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.2.3-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
                "product": {
                  "name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
                  "product_id": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9\u0026tag=6.2.3-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
                "product": {
                  "name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
                  "product_id": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel9\u0026tag=6.2.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
                "product": {
                  "name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
                  "product_id": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9\u0026tag=6.2.3-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64"
        },
        "product_reference": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
        "relates_to_product_reference": "8Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64"
        },
        "product_reference": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64"
        },
        "product_reference": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
        },
        "product_reference": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        },
        "product_reference": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        },
        "product_reference": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    },
    {
      "cve": "CVE-2023-26364",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-11-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2250364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2250364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
          "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg"
        }
      ],
      "release_date": "2023-11-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No mitigation is yet available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression"
    },
    {
      "cve": "CVE-2023-36479",
      "cwe": {
        "id": "CWE-149",
        "name": "Improper Neutralization of Quoting Syntax"
      },
      "discovery_date": "2023-09-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2239630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-36479"
        },
        {
          "category": "external",
          "summary": "RHBZ#2239630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
        }
      ],
      "release_date": "2023-09-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
    },
    {
      "cve": "CVE-2023-45857",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248979"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: exposure of confidential data stored in cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248979",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
        }
      ],
      "release_date": "2023-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: exposure of confidential data stored in cookies"
    },
    {
      "cve": "CVE-2023-48631",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2254559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2254559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2",
          "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS"
    },
    {
      "cve": "CVE-2024-1023",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2024-01-29T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2260840"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "RHBZ#2260840",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
          "url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
        }
      ],
      "release_date": "2024-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Axel Flamcourt"
          ]
        }
      ],
      "cve": "CVE-2024-1132",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-01-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262117"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path transversal in redirection validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262117",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path transversal in redirection validation"
    },
    {
      "cve": "CVE-2024-1300",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2024-02-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2263139"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This affects only TLS servers with SNI enabled.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "RHBZ#2263139",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
          "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
        }
      ],
      "release_date": "2024-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
    },
    {
      "cve": "CVE-2024-25710",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2024-02-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
          "url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
          "url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-02-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264989"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-compress: OutOfMemoryError unpacking broken Pack200 file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264989",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
          "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/02/19/2",
          "url": "https://www.openwall.com/lists/oss-security/2024/02/19/2"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "commons-compress: OutOfMemoryError unpacking broken Pack200 file"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Possible credential leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
        }
      ],
      "release_date": "2024-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Possible credential leak"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
          "url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
          "url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
          "url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
    },
    {
      "cve": "CVE-2024-29180",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270863"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270863",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
          "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
        }
      ],
      "release_date": "2024-03-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
    }
  ]
}

RHSA-2024_2945

Vulnerability from csaf_redhat - Published: 2024-05-21 14:18 - Updated: 2024-12-17 22:54

Summary

Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update

Severity

Important

Notes

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6378

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-499 - Serializable Class Containing Sensitive Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6481

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-6717

6.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44981

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-1132

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-1249

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CWE-346 - Origin Validation Error

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22259

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-29025

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.12`	—	Vendor Fix fix Workaround

Threats

Impact Low

References

71 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2945	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2243436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2252185	external
https://bugzilla.redhat.com/show_bug.cgi?id=2252230	external
https://bugzilla.redhat.com/show_bug.cgi?id=2252956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2253952	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262918	external
https://bugzilla.redhat.com/show_bug.cgi?id=2269846	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272907	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-41678	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252185	external
https://www.cve.org/CVERecord?id=CVE-2022-41678	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41678	external
https://access.redhat.com/security/cve/CVE-2023-6378	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252230	external
https://www.cve.org/CVERecord?id=CVE-2023-6378	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6378	external
https://access.redhat.com/security/cve/CVE-2023-6481	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252956	external
https://www.cve.org/CVERecord?id=CVE-2023-6481	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6481	external
https://access.redhat.com/security/cve/CVE-2023-6717	self
https://bugzilla.redhat.com/show_bug.cgi?id=2253952	external
https://www.cve.org/CVERecord?id=CVE-2023-6717	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6717	external
https://access.redhat.com/security/cve/CVE-2023-44981	self
https://bugzilla.redhat.com/show_bug.cgi?id=2243436	external
https://www.cve.org/CVERecord?id=CVE-2023-44981	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44981	external
https://lists.apache.org/thread/wf0yrk84dg1942z1o…	external
https://access.redhat.com/security/cve/CVE-2024-1132	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://www.cve.org/CVERecord?id=CVE-2024-1132	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1132	external
https://access.redhat.com/security/cve/CVE-2024-1249	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262918	external
https://www.cve.org/CVERecord?id=CVE-2024-1249	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1249	external
https://access.redhat.com/security/cve/CVE-2024-22259	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269846	external
https://www.cve.org/CVERecord?id=CVE-2024-22259	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22259	external
https://spring.io/security/cve-2024-22259	external
https://access.redhat.com/security/cve/CVE-2024-29025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272907	external
https://www.cve.org/CVERecord?id=CVE-2024-29025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29025	external
https://gist.github.com/vietj/f558b8ea81ec6505f1e…	external
https://github.com/netty/netty/commit/0d0c6ed782d…	external
https://github.com/netty/netty/security/advisorie…	external
https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812	external
https://access.redhat.com/security/cve/CVE-2024-29131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://www.cve.org/CVERecord?id=CVE-2024-29131	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29131	external
https://github.com/apache/commons-configuration/c…	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-840	external
https://access.redhat.com/security/cve/CVE-2024-29133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://www.cve.org/CVERecord?id=CVE-2024-29133	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29133	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-841	external

Acknowledgments

Axel Flamcourt

Adriano Márcio Monteiro

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2023-6717) keycloak: XSS via assertion consumer service URL in SAML POST-binding flow\n* (CVE-2024-1132) keycloak: path transversal in redirection validation\n* (CVE-2024-1249) keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS\n* (CVE-2024-22259) springframework: URL Parsing with Host Validation\n* (CVE-2022-41678) Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE\n* (CVE-2023-44981) zookeeper: Authorization Bypass in Apache ZooKeeper\n* (CVE-2023-6378) logback: serialization vulnerability in logback receiver\n* (CVE-2023-6481) logback: A serialization vulnerability in logback receiver\n* (CVE-2024-29025) netty-codec-http: Allocation of Resources Without Limits or Throttling\n* (CVE-2024-29131) commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()\n* (CVE-2024-29133) commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2945",
        "url": "https://access.redhat.com/errata/RHSA-2024:2945"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.12",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.12"
      },
      {
        "category": "external",
        "summary": "2243436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
      },
      {
        "category": "external",
        "summary": "2252185",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
      },
      {
        "category": "external",
        "summary": "2252230",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
      },
      {
        "category": "external",
        "summary": "2252956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
      },
      {
        "category": "external",
        "summary": "2253952",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
      },
      {
        "category": "external",
        "summary": "2262117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
      },
      {
        "category": "external",
        "summary": "2262918",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
      },
      {
        "category": "external",
        "summary": "2269846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"
      },
      {
        "category": "external",
        "summary": "2270673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
      },
      {
        "category": "external",
        "summary": "2270674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
      },
      {
        "category": "external",
        "summary": "2272907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2945.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update",
    "tracking": {
      "current_release_date": "2024-12-17T22:54:41+00:00",
      "generator": {
        "date": "2024-12-17T22:54:41+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:2945",
      "initial_release_date": "2024-05-21T14:18:30+00:00",
      "revision_history": [
        {
          "date": "2024-05-21T14:18:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-21T14:18:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:54:41+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Broker 7",
                "product": {
                  "name": "Red Hat AMQ Broker 7",
                  "product_id": "Red Hat AMQ Broker 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_broker:7.12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41678",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2023-11-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252185"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0\n\nIn details, in ActiveMQ configurations, jetty allows\norg.jolokia.http.AgentServlet to handler request to /api/jolokia\n\norg.jolokia.http.HttpRequestHandler#handlePostRequest is able to\ncreate JmxRequest through JSONObject. And calls to\norg.jolokia.http.HttpRequestHandler#executeRequest.\n\nInto deeper calling stacks,\norg.jolokia.handler.ExecHandler#doHandleRequest can be invoked\nthrough refection. This could lead to RCE through via\nvarious mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.\n\n1 Call newRecording.\n\n2 Call setConfiguration. And a webshell data hides in it.\n\n3 Call startRecording.\n\n4 Call copyTo method. The webshell will be written to a .jsp file.\n\nThe mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.\nA more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.\n",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered moderate severity due to the requirement of authenticated access to exploit the flaw, significantly reducing the risk to systems that enforce strong authentication controls. While it does allow for remote code execution through Jolokia\u0027s request handling and Java Management Extensions (JMX), the exploitation pathway is complex and relies on specific conditions, such as the presence of Java 11 or higher and misconfigured or permissive Jolokia settings. an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment.Only an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment. In environments where authentication is well-managed and Jolokia is correctly configured or disabled, the likelihood of successful exploitation is reduced, mitigating the overall impact on system security.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41678"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252185",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678"
        }
      ],
      "release_date": "2023-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE"
    },
    {
      "cve": "CVE-2023-6378",
      "cwe": {
        "id": "CWE-499",
        "name": "Serializable Class Containing Sensitive Data"
      },
      "discovery_date": "2023-11-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252230"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "logback: serialization vulnerability in logback receiver",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6378"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252230",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
        }
      ],
      "release_date": "2023-11-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "logback: serialization vulnerability in logback receiver"
    },
    {
      "cve": "CVE-2023-6481",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027) via the logback receiver component. This flaw allows an  attacker to mount a denial-of-service attack by sending poisoned data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "logback: A serialization vulnerability in logback receiver",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The security vulnerability in the logback package is considered of moderate severity due to its potential for facilitating a denial-of-service (DoS) attack. While a DoS attack can disrupt service availability, this vulnerability may not lead to more severe consequences such as unauthorized access or data breaches.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6481"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6481",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "logback: A serialization vulnerability in logback receiver"
    },
    {
      "cve": "CVE-2023-6717",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2253952"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-6717"
        },
        {
          "category": "external",
          "summary": "RHBZ#2253952",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6717"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow"
    },
    {
      "cve": "CVE-2023-44981",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "discovery_date": "2023-10-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2243436"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zookeeper: Authorization Bypass in Apache ZooKeeper",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat AMQ 7 Broker and Red Hat AMQ Streams 2 use Zookeeper but do not use or enable the vulnerable functionality, Peer Authentication. They are affected at Moderate Impact by this flaw.\n\nRed Hat Fuse 7 uses Zookeeper but does not use any of its server capabilities and as such is not vulnerable, and so is affected at Low Impact by this flaw.\n\nRed Hat Process Automation Manager 7 and Red Hat Decision Manager 7 do not ship zookeeper, and so are not affected by this flaw.\n\nRed Hat Fuse 6 and AMQ 6 use Zookeeper but are not vulnerable to this flaw, and have been assessed as Important Impact and are as such out of security support scope for this flaw.\n\nRed Hat Business Process Manager Suite 6, Red Hat Business Rules Management Suite 6, Red Hat JBoss Data Virtualization 6, Red Hat OpenShift Application Runtime Vert-x, and Red Hat Fuse Service Works 6 are out of security support scope for this flaw.\n\nAs no Red Hat products are affected at Critical Impact by this flaw, its overall impact has been reduced to Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "RHBZ#2243436",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b",
          "url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
        }
      ],
      "release_date": "2023-10-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "According to Apache\u0027s document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "zookeeper: Authorization Bypass in Apache ZooKeeper"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Axel Flamcourt"
          ]
        }
      ],
      "cve": "CVE-2024-1132",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262117"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path transversal in redirection validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262117",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path transversal in redirection validation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adriano M\u00e1rcio Monteiro"
          ]
        }
      ],
      "cve": "CVE-2024-1249",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "discovery_date": "2024-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262918"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1249"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262918",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1249"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS"
    },
    {
      "cve": "CVE-2024-22259",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2024-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: URL Parsing with Host Validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22259"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
        },
        {
          "category": "external",
          "summary": "https://spring.io/security/cve-2024-22259",
          "url": "https://spring.io/security/cve-2024-22259"
        }
      ],
      "release_date": "2024-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "springframework: URL Parsing with Host Validation"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
          "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
          "url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
        }
      ],
      "release_date": "2024-03-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
          "url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
          "url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
          "url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-21T14:18:30+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
    }
  ]
}

RHSA-2024_3920

Vulnerability from csaf_redhat - Published: 2024-06-13 11:02 - Updated: 2024-12-17 22:44

Summary

Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Severity

Important

Notes

CVE-2023-45857

A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-28849

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-29180

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Migration Toolkit for Runtimes 1 on RHEL 8 Red Hat / Migration Toolkit for Runtimes	`cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Important

References

32 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3920	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://issues.redhat.com/browse/WINDUPRULE-1049	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-45857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248979	external
https://www.cve.org/CVERecord?id=CVE-2023-45857	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45857	external
https://access.redhat.com/security/cve/CVE-2024-28849	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://www.cve.org/CVERecord?id=CVE-2024-28849	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28849	external
https://github.com/follow-redirects/follow-redire…	external
https://access.redhat.com/security/cve/CVE-2024-29131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://www.cve.org/CVERecord?id=CVE-2024-29131	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29131	external
https://github.com/apache/commons-configuration/c…	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-840	external
https://access.redhat.com/security/cve/CVE-2024-29133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://www.cve.org/CVERecord?id=CVE-2024-29133	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29133	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-841	external
https://access.redhat.com/security/cve/CVE-2024-29180	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270863	external
https://www.cve.org/CVERecord?id=CVE-2024-29180	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29180	external
https://github.com/webpack/webpack-dev-middleware…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Runtimes 1.2.6 release\nRed Hat Product Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Runtimes 1.2.6 ZIP artifacts\n\nSecurity Fix(es):\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n* commons-configuration2: various flaws (CVE-2024-29131)\n* commons-configuration2: various flaws (CVE-2024-29133)\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3920",
        "url": "https://access.redhat.com/errata/RHSA-2024:3920"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions"
      },
      {
        "category": "external",
        "summary": "WINDUPRULE-1049",
        "url": "https://issues.redhat.com/browse/WINDUPRULE-1049"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3920.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-17T22:44:47+00:00",
      "generator": {
        "date": "2024-12-17T22:44:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:3920",
      "initial_release_date": "2024-06-13T11:02:36+00:00",
      "revision_history": [
        {
          "date": "2024-06-13T11:02:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-13T11:02:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:44:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                "product": {
                  "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_id": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Runtimes"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45857",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-11-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248979"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: exposure of confidential data stored in cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248979",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
        }
      ],
      "release_date": "2023-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: exposure of confidential data stored in cookies"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Possible credential leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
        }
      ],
      "release_date": "2024-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Possible credential leak"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
          "url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
          "url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
          "url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
    },
    {
      "cve": "CVE-2024-29180",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270863"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Migration Toolkit for Runtimes 1 on RHEL 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270863",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
          "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
        }
      ],
      "release_date": "2024-03-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:02:36+00:00",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3920"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Migration Toolkit for Runtimes 1 on RHEL 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
    }
  ]
}

RHSA-2024_3989

Vulnerability from csaf_redhat - Published: 2024-06-20 00:34 - Updated: 2024-12-17 22:45

Summary

Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Severity

Important

Notes

CVE-2023-26159

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64	—	Workaround

Threats

Impact Moderate

CVE-2023-26364

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2023-36479

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-149 - Improper Neutralization of Quoting Syntax

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—

Threats

Impact Low

CVE-2023-45857

A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2023-48631

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-1023

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-1132

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Important

CVE-2024-1300

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-25710

A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-26308

An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-28849

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—	Vendor Fix fix
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix

Known not affected 4 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64		—
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64		—

Threats

Impact Moderate

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Low

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64	—	Workaround

Threats

Impact Low

CVE-2024-29180

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64		—	Vendor Fix fix Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64		—	Vendor Fix fix Workaround

Known not affected 4 products

Product	Version	Remediation
Unresolved product id: 8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64	—	Workaround
Unresolved product id: 9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64	—	Workaround

Threats

Impact Important

References

90 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3989	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2239630	external
https://bugzilla.redhat.com/show_bug.cgi?id=2248979	external
https://bugzilla.redhat.com/show_bug.cgi?id=2250364	external
https://bugzilla.redhat.com/show_bug.cgi?id=2254559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2256413	external
https://bugzilla.redhat.com/show_bug.cgi?id=2260840	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264988	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264989	external
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270863	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-26159	self
https://bugzilla.redhat.com/show_bug.cgi?id=2256413	external
https://www.cve.org/CVERecord?id=CVE-2023-26159	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26159	external
https://access.redhat.com/security/cve/CVE-2023-26364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2250364	external
https://www.cve.org/CVERecord?id=CVE-2023-26364	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26364	external
https://github.com/adobe/css-tools/security/advis…	external
https://access.redhat.com/security/cve/CVE-2023-36479	self
https://bugzilla.redhat.com/show_bug.cgi?id=2239630	external
https://www.cve.org/CVERecord?id=CVE-2023-36479	external
https://nvd.nist.gov/vuln/detail/CVE-2023-36479	external
https://access.redhat.com/security/cve/CVE-2023-45857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2248979	external
https://www.cve.org/CVERecord?id=CVE-2023-45857	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45857	external
https://access.redhat.com/security/cve/CVE-2023-48631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2254559	external
https://www.cve.org/CVERecord?id=CVE-2023-48631	external
https://nvd.nist.gov/vuln/detail/CVE-2023-48631	external
https://github.com/adobe/css-tools/security/advis…	external
https://access.redhat.com/security/cve/CVE-2024-1023	self
https://bugzilla.redhat.com/show_bug.cgi?id=2260840	external
https://www.cve.org/CVERecord?id=CVE-2024-1023	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1023	external
https://github.com/eclipse-vertx/vert.x/issues/5078	external
https://github.com/eclipse-vertx/vert.x/pull/5080	external
https://github.com/eclipse-vertx/vert.x/pull/5082	external
https://access.redhat.com/security/cve/CVE-2024-1132	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://www.cve.org/CVERecord?id=CVE-2024-1132	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1132	external
https://access.redhat.com/security/cve/CVE-2024-1300	self
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	external
https://www.cve.org/CVERecord?id=CVE-2024-1300	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1300	external
https://vertx.io/docs/vertx-core/java/#_server_na…	external
https://access.redhat.com/security/cve/CVE-2024-25710	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264988	external
https://www.cve.org/CVERecord?id=CVE-2024-25710	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25710	external
http://www.openwall.com/lists/oss-security/2024/02/19/1	external
https://lists.apache.org/thread/cz8qkcwphy4cx8glt…	external
https://access.redhat.com/security/cve/CVE-2024-26308	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264989	external
https://www.cve.org/CVERecord?id=CVE-2024-26308	external
https://nvd.nist.gov/vuln/detail/CVE-2024-26308	external
https://lists.apache.org/thread/ch5yo2d21p7vlqrhl…	external
https://www.openwall.com/lists/oss-security/2024/…	external
https://access.redhat.com/security/cve/CVE-2024-28849	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://www.cve.org/CVERecord?id=CVE-2024-28849	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28849	external
https://github.com/follow-redirects/follow-redire…	external
https://access.redhat.com/security/cve/CVE-2024-29131	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270674	external
https://www.cve.org/CVERecord?id=CVE-2024-29131	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29131	external
https://github.com/apache/commons-configuration/c…	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-840	external
https://access.redhat.com/security/cve/CVE-2024-29133	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270673	external
https://www.cve.org/CVERecord?id=CVE-2024-29133	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29133	external
https://github.com/apache/commons-configuration/c…	external
https://issues.apache.org/jira/browse/CONFIGURATION-841	external
https://access.redhat.com/security/cve/CVE-2024-29180	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270863	external
https://www.cve.org/CVERecord?id=CVE-2024-29180	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29180	external
https://github.com/webpack/webpack-dev-middleware…	external

Acknowledgments

Axel Flamcourt

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Applications 6.2.3 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Applications 6.2.3 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* keycloak: path transversal in redirection validation (CVE-2024-1132)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* axios: exposure of confidential data stored in cookies (CVE-2023-45857)\n\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n\n* commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133)\n\n* commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3989",
        "url": "https://access.redhat.com/errata/RHSA-2024:3989"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2239630",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
      },
      {
        "category": "external",
        "summary": "2248979",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
      },
      {
        "category": "external",
        "summary": "2250364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
      },
      {
        "category": "external",
        "summary": "2254559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
      },
      {
        "category": "external",
        "summary": "2256413",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
      },
      {
        "category": "external",
        "summary": "2260840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
      },
      {
        "category": "external",
        "summary": "2262117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
      },
      {
        "category": "external",
        "summary": "2263139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
      },
      {
        "category": "external",
        "summary": "2264988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
      },
      {
        "category": "external",
        "summary": "2264989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
      },
      {
        "category": "external",
        "summary": "2269576",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
      },
      {
        "category": "external",
        "summary": "2270673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
      },
      {
        "category": "external",
        "summary": "2270674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
      },
      {
        "category": "external",
        "summary": "2270863",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3989.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
    "tracking": {
      "current_release_date": "2024-12-17T22:45:59+00:00",
      "generator": {
        "date": "2024-12-17T22:45:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:3989",
      "initial_release_date": "2024-06-20T00:34:55+00:00",
      "revision_history": [
        {
          "date": "2024-06-20T00:34:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-20T00:34:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:45:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "MTA 6.2 for RHEL 8",
                "product": {
                  "name": "MTA 6.2 for RHEL 8",
                  "product_id": "9Base-MTA-6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "MTA 6.2 for RHEL 8",
                "product": {
                  "name": "MTA 6.2 for RHEL 8",
                  "product_id": "8Base-MTA-6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Applications"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
                "product": {
                  "name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
                  "product_id": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel9\u0026tag=6.2.3-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
                "product": {
                  "name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
                  "product_id": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-operator-bundle\u0026tag=6.2.3-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
                "product": {
                  "name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
                  "product_id": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.2.3-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
                "product": {
                  "name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
                  "product_id": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9\u0026tag=6.2.3-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
                "product": {
                  "name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
                  "product_id": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel9\u0026tag=6.2.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
                "product": {
                  "name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
                  "product_id": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9\u0026tag=6.2.3-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64"
        },
        "product_reference": "mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
        "relates_to_product_reference": "8Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64"
        },
        "product_reference": "mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64"
        },
        "product_reference": "mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
        },
        "product_reference": "mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        },
        "product_reference": "mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 as a component of MTA 6.2 for RHEL 8",
          "product_id": "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        },
        "product_reference": "mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64",
        "relates_to_product_reference": "9Base-MTA-6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    },
    {
      "cve": "CVE-2023-26364",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-11-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2250364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2250364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
          "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg"
        }
      ],
      "release_date": "2023-11-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No mitigation is yet available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression"
    },
    {
      "cve": "CVE-2023-36479",
      "cwe": {
        "id": "CWE-149",
        "name": "Improper Neutralization of Quoting Syntax"
      },
      "discovery_date": "2023-09-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2239630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-36479"
        },
        {
          "category": "external",
          "summary": "RHBZ#2239630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
        }
      ],
      "release_date": "2023-09-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
    },
    {
      "cve": "CVE-2023-45857",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2248979"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios that may expose a confidential session token. This issue can allow a remote attacker to bypass security measures and view sensitive data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: exposure of confidential data stored in cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected container was deprecated in ACM 2.5 version which is not anymore supported. Following versions of this product are not impacted by this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2248979",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248979"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
        }
      ],
      "release_date": "2023-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: exposure of confidential data stored in cookies"
    },
    {
      "cve": "CVE-2023-48631",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-12-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2254559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2254559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2",
          "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS"
    },
    {
      "cve": "CVE-2024-1023",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2024-01-29T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2260840"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "RHBZ#2260840",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
          "url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
        }
      ],
      "release_date": "2024-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Axel Flamcourt"
          ]
        }
      ],
      "cve": "CVE-2024-1132",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-01-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262117"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path transversal in redirection validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262117",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path transversal in redirection validation"
    },
    {
      "cve": "CVE-2024-1300",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2024-02-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2263139"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This affects only TLS servers with SNI enabled.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "RHBZ#2263139",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
          "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
        }
      ],
      "release_date": "2024-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
    },
    {
      "cve": "CVE-2024-25710",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2024-02-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
          "url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
          "url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-02-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264989"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-compress: OutOfMemoryError unpacking broken Pack200 file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264989",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
          "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/02/19/2",
          "url": "https://www.openwall.com/lists/oss-security/2024/02/19/2"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this vulnerability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "commons-compress: OutOfMemoryError unpacking broken Pack200 file"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Possible credential leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
        }
      ],
      "release_date": "2024-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Possible credential leak"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270674"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270674",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
          "url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
          "url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270673"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270673",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
          "url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
          "url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
        }
      ],
      "release_date": "2024-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
    },
    {
      "cve": "CVE-2024-29180",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-03-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270863"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
          "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
        ],
        "known_not_affected": [
          "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
          "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
          "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
          "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270863",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
          "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
        }
      ],
      "release_date": "2024-03-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-20T00:34:55+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64",
            "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64",
            "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64",
            "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64",
            "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64",
            "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
    }
  ]
}

SUSE-SU-2024:1365-1

Vulnerability from csaf_suse - Published: 2024-04-22 08:33 - Updated: 2024-04-22 08:33

Summary

Security update for apache-commons-configuration2

Severity

Moderate

Notes

Title of the patch: Security update for apache-commons-configuration2

Description of the patch: This update for apache-commons-configuration2 fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793).

Patchnames: SUSE-2024-1365,SUSE-SLE-Module-Development-Tools-15-SP5-2024-1365,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1365,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1365,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1365,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1365,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1365,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1365,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1365,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1365,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1365,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1365,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1365,SUSE-Storage-7.1-2024-1365,openSUSE-SLE-15.5-2024-1365

CVE-2024-29131

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2024-29133

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

12 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2024…	self
https://bugzilla.suse.com/1221793	self
https://bugzilla.suse.com/1221797	self
https://www.suse.com/security/cve/CVE-2024-29131/	self
https://www.suse.com/security/cve/CVE-2024-29133/	self
https://www.suse.com/security/cve/CVE-2024-29131	external
https://bugzilla.suse.com/1221797	external
https://www.suse.com/security/cve/CVE-2024-29133	external
https://bugzilla.suse.com/1221793	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for apache-commons-configuration2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for apache-commons-configuration2 fixes the following issues:\n\n- CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797).\n- CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-1365,SUSE-SLE-Module-Development-Tools-15-SP5-2024-1365,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1365,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1365,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1365,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1365,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1365,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1365,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1365,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1365,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1365,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1365,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1365,SUSE-Storage-7.1-2024-1365,openSUSE-SLE-15.5-2024-1365",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1365-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:1365-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241365-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:1365-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035047.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1221793",
        "url": "https://bugzilla.suse.com/1221793"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1221797",
        "url": "https://bugzilla.suse.com/1221797"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29131 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29133 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29133/"
      }
    ],
    "title": "Security update for apache-commons-configuration2",
    "tracking": {
      "current_release_date": "2024-04-22T08:33:21Z",
      "generator": {
        "date": "2024-04-22T08:33:21Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:1365-1",
      "initial_release_date": "2024-04-22T08:33:21Z",
      "revision_history": [
        {
          "date": "2024-04-22T08:33:21Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
                "product": {
                  "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
                  "product_id": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch",
                "product": {
                  "name": "apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch",
                  "product_id": "apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7.1",
                "product": {
                  "name": "SUSE Enterprise Storage 7.1",
                  "product_id": "SUSE Enterprise Storage 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
        },
        "product_reference": "apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-29131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29131",
          "url": "https://www.suse.com/security/cve/CVE-2024-29131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221797 for CVE-2024-29131",
          "url": "https://bugzilla.suse.com/1221797"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-04-22T08:33:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-29133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
          "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29133",
          "url": "https://www.suse.com/security/cve/CVE-2024-29133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221793 for CVE-2024-29133",
          "url": "https://bugzilla.suse.com/1221793"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-2.10.1-150200.5.8.1.noarch",
            "openSUSE Leap 15.5:apache-commons-configuration2-javadoc-2.10.1-150200.5.8.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-04-22T08:33:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-29133"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-29133 (GCVE-0-2024-29133)

Tags

Sightings

Nomenclature