Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-38286 (GCVE-0-2024-38286)
Vulnerability from cvelistv5 – Published: 2024-11-07 07:37 – Updated: 2025-11-03 20:38
VLAI
EPSS
Title
Apache Tomcat: Denial of Service
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.
Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.0-M20
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.24 (semver) Affected: 9.0.13 , ≤ 9.0.89 (semver) Affected: 8.5.35 , ≤ 8.5.100 (semver) Affected: 7.0.92 , ≤ 7.0.109 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
|
| apache | tomcat |
Affected:
11.0.0-m1 , ≤ 11.0.0-m20
(semver)
Affected: 10.1.0-m1 , ≤ 10.1.24 (semver) Affected: 9.0.13 , ≤ 9.0.89 (custom) cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* |
Credits
Ozaki, North Grid Corporation
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/23/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0010/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tomcat",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "11.0.0-m20",
"status": "affected",
"version": "11.0.0-m1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.24",
"status": "affected",
"version": "10.1.0-m1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.89",
"status": "affected",
"version": "9.0.13",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:33:49.152023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:36:00.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M20",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.24",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.89",
"status": "affected",
"version": "9.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.109",
"status": "affected",
"version": "7.0.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ozaki, North Grid Corporation"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.\u0026nbsp;Other EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:54:56.605Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-04T06:21:00.000Z",
"value": "Issue reported to Apache Tomcat Security Team"
}
],
"title": "Apache Tomcat: Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-38286",
"datePublished": "2024-11-07T07:37:32.224Z",
"dateReserved": "2024-06-12T16:27:23.740Z",
"dateUpdated": "2025-11-03T20:38:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38286",
"date": "2026-06-11",
"epss": "0.00401",
"percentile": "0.61209"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\\n\\n\\n\\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de asignaci\\u00f3n de recursos sin l\\u00edmites o limitaci\\u00f3n de recursos en Apache Tomcat. Este problema afecta a Apache Tomcat: desde la versi\\u00f3n 11.0.0-M1 hasta la 11.0.0-M20, desde la versi\\u00f3n 10.1.0-M1 hasta la 10.1.24, desde la versi\\u00f3n 9.0.13 hasta la 9.0.89. Tambi\\u00e9n pueden verse afectadas versiones anteriores no compatibles. Se recomienda a los usuarios que actualicen a la versi\\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema. Apache Tomcat, en determinadas configuraciones de cualquier plataforma, permite a un atacante provocar un error OutOfMemoryError abusando del proceso de enlace TLS.\"}]",
"id": "CVE-2024-38286",
"lastModified": "2024-11-21T09:25:17.487",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}]}",
"published": "2024-11-07T08:15:13.007",
"references": "[{\"url\": \"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/09/23/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241101-0010/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38286\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-11-07T08:15:13.007\",\"lastModified\":\"2025-11-03T21:16:14.353\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\\n\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.\u00a0Other EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\\n\\n\\n\\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites o limitaci\u00f3n de recursos en Apache Tomcat. Este problema afecta a Apache Tomcat: desde la versi\u00f3n 11.0.0-M1 hasta la 11.0.0-M20, desde la versi\u00f3n 10.1.0-M1 hasta la 10.1.24, desde la versi\u00f3n 9.0.13 hasta la 9.0.89. Tambi\u00e9n pueden verse afectadas versiones anteriores no compatibles. Se recomienda a los usuarios que actualicen a la versi\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema. Apache Tomcat, en determinadas configuraciones de cualquier plataforma, permite a un atacante provocar un error OutOfMemoryError abusando del proceso de enlace TLS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.13\",\"versionEndExcluding\":\"9.0.90\",\"matchCriteriaId\":\"C1F40EB4-1D56-45C7-B083-B1613E63B26C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.1\",\"versionEndExcluding\":\"10.1.25\",\"matchCriteriaId\":\"6F8D202A-1A79-47E5-81AD-A3C4BBB135EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D402B5D-5901-43EB-8E6A-ECBD512CE367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6BD4180-D3E8-42AB-96B1-3869ECF47F6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC64BB57-4912-481E-AE8D-C8FCD36142BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B43BFD-6B6C-4E6D-A9D8-308709DDFB44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"919C16BD-79A7-4597-8D23-2CBDED2EF615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B27C03-D626-42EC-AE4E-1E66624908E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD81405D-81A5-4683-A355-B39C912DAD2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DCE3576-86BC-4BB8-A5FB-1274744DFD7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"5571F54A-2EAC-41B6-BDA9-7D33CFE97F70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9846609D-51FC-4CDD-97B3-8C6E07108F14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED30E850-C475-4133-BDE3-74CB3768D787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E321FB4-0B0C-497A-BB75-909D888C93CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB9D150-EED6-4AE9-BCBE-48932E50035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D334103F-F64E-4869-BCC8-670A5AFCC76C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE1A9030-B397-4BA6-8E13-DA1503872DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6284B74A-1051-40A7-9D74-380FEEEC3F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"0092FB35-3B00-484F-A24D-7828396A4FF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"3521C81B-37D9-48FC-9540-D0D333B9A4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"02A84634-A8F2-4BA9-B9F3-BEF36AEC5480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBBC1F1-C86B-40AF-B740-A99F6B27682A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"0495A538-4102-40D0-A35C-0179CFD52A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"77BA6600-0890-4BA1-B447-EC1746BAB4FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"5333B745-F7A3-46CB-8437-8668DB08CD6F\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/09/23/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241101-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/09/23/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241101-0010/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:38:04.247Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38286\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T16:33:49.152023Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-m20\"}, {\"status\": \"affected\", \"version\": \"10.1.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.24\"}, {\"status\": \"affected\", \"version\": \"9.0.13\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.89\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T16:35:47.994Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: Denial of Service\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Ozaki, North Grid Corporation\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-M20\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.24\"}, {\"status\": \"affected\", \"version\": \"9.0.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.89\"}, {\"status\": \"affected\", \"version\": \"8.5.35\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"affected\", \"version\": \"7.0.92\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.109\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-06-04T06:21:00.000Z\", \"value\": \"Issue reported to Apache Tomcat Security Team\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\\n\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.\\u00a0Other EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\\n\\n\\n\\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.\u0026nbsp;Other EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:54:56.605Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38286\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:38:04.247Z\", \"dateReserved\": \"2024-06-12T16:27:23.740Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-11-07T07:37:32.224Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2024-2202
Vulnerability from csaf_certbund - Published: 2024-09-23 22:00 - Updated: 2025-06-09 22:00Summary
Apache Tomcat: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Windows
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source Camunda <7.22.0-alpha5
Open Source / Camunda
|
<7.22.0-alpha5 | ||
|
Open Source Camunda <7.21.4
Open Source / Camunda
|
<7.21.4 | ||
|
Apache Tomcat <11.0.0-M21
Apache / Tomcat
|
<11.0.0-M21 | ||
|
Apache Tomcat <10.1.25
Apache / Tomcat
|
<10.1.25 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Apache Tomcat <9.0.90
Apache / Tomcat
|
<9.0.90 | ||
|
Open Source Camunda <7.20.8
Open Source / Camunda
|
<7.20.8 | ||
|
Open Source Camunda <7.19.15
Open Source / Camunda
|
<7.19.15 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
References
17 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2202 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2202.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2202 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2202"
},
{
"category": "external",
"summary": "Apache Mail Archive vom 2024-09-23",
"url": "https://www.mail-archive.com/announce@apache.org/msg09502.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3510-1 vom 2024-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019542.html"
},
{
"category": "external",
"summary": "### vom 2024-10-14",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8497 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8497"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8494 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8494"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8528 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8528"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8543 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8567 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8567"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8572 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8572"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20241101-0010 vom 2024-11-01",
"url": "https://security.netapp.com/advisory/ntap-20241101-0010/"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4017 vom 2025-01-17",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5845 vom 2025-01-17",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00007.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7562-1 vom 2025-06-10",
"url": "https://ubuntu.com/security/notices/USN-7562-1"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-06-09T22:00:00.000+00:00",
"generator": {
"date": "2025-06-10T08:23:26.583+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-2202",
"initial_release_date": "2024-09-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-01-16T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.0-M21",
"product": {
"name": "Apache Tomcat \u003c11.0.0-M21",
"product_id": "T037797"
}
},
{
"category": "product_version",
"name": "11.0.0-M21",
"product": {
"name": "Apache Tomcat 11.0.0-M21",
"product_id": "T037797-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.0-m21"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.25",
"product": {
"name": "Apache Tomcat \u003c10.1.25",
"product_id": "T037798"
}
},
{
"category": "product_version",
"name": "10.1.25",
"product": {
"name": "Apache Tomcat 10.1.25",
"product_id": "T037798-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.25"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.90",
"product": {
"name": "Apache Tomcat \u003c9.0.90",
"product_id": "T037799"
}
},
{
"category": "product_version",
"name": "9.0.90",
"product": {
"name": "Apache Tomcat 9.0.90",
"product_id": "T037799-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.90"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T032260",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.22.0-alpha5",
"product": {
"name": "Open Source Camunda \u003c7.22.0-alpha5",
"product_id": "T037648"
}
},
{
"category": "product_version",
"name": "7.22.0-alpha5",
"product": {
"name": "Open Source Camunda 7.22.0-alpha5",
"product_id": "T037648-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.22.0-alpha5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.21.4",
"product": {
"name": "Open Source Camunda \u003c7.21.4",
"product_id": "T037649"
}
},
{
"category": "product_version",
"name": "7.21.4",
"product": {
"name": "Open Source Camunda 7.21.4",
"product_id": "T037649-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.21.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.20.8",
"product": {
"name": "Open Source Camunda \u003c7.20.8",
"product_id": "T037650"
}
},
{
"category": "product_version",
"name": "7.20.8",
"product": {
"name": "Open Source Camunda 7.20.8",
"product_id": "T037650-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.20.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.15",
"product": {
"name": "Open Source Camunda \u003c7.19.15",
"product_id": "T037651"
}
},
{
"category": "product_version",
"name": "7.19.15",
"product": {
"name": "Open Source Camunda 7.19.15",
"product_id": "T037651-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.19.15"
}
}
}
],
"category": "product_name",
"name": "Camunda"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38286",
"product_status": {
"known_affected": [
"T028053",
"67646",
"T037648",
"T037649",
"T037797",
"T037798",
"T032260",
"T037799",
"T037650",
"T037651",
"T038741",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2024-09-23T22:00:00.000+00:00",
"title": "CVE-2024-38286"
}
]
}
WID-SEC-W-2025-0521
Vulnerability from csaf_certbund - Published: 2025-03-10 23:00 - Updated: 2025-03-10 23:00Summary
SAP Patchday März 2025: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein Angreifer kann diese Schwachstellen ausnutzen, um erhöhte Privilegien zu erlangen, beliebigen Code auszuführen, Cross-Site-Scripting-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und Daten zu manipulieren.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann diese Schwachstellen ausnutzen, um erh\u00f6hte Privilegien zu erlangen, beliebigen Code auszuf\u00fchren, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0521 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0521.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0521 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0521"
},
{
"category": "external",
"summary": "SAP Security Patch Day - March 2025 vom 2025-03-10",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday M\u00e4rz 2025: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-10T23:00:00.000+00:00",
"generator": {
"date": "2025-03-11T11:40:17.201+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0521",
"initial_release_date": "2025-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T041721",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38286",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-39592",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-39592"
},
{
"cve": "CVE-2024-41736",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-41736"
},
{
"cve": "CVE-2024-52316",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2025-0062",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-0062"
},
{
"cve": "CVE-2025-0071",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-0071"
},
{
"cve": "CVE-2025-23185",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-23185"
},
{
"cve": "CVE-2025-23188",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-23188"
},
{
"cve": "CVE-2025-23194",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-23194"
},
{
"cve": "CVE-2025-24876",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-24876"
},
{
"cve": "CVE-2025-25242",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-25242"
},
{
"cve": "CVE-2025-25244",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-25244"
},
{
"cve": "CVE-2025-25245",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-25245"
},
{
"cve": "CVE-2025-26655",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26655"
},
{
"cve": "CVE-2025-26656",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26656"
},
{
"cve": "CVE-2025-26658",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26658"
},
{
"cve": "CVE-2025-26659",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26659"
},
{
"cve": "CVE-2025-26660",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26660"
},
{
"cve": "CVE-2025-26661",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-26661"
},
{
"cve": "CVE-2025-27430",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27430"
},
{
"cve": "CVE-2025-27431",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27431"
},
{
"cve": "CVE-2025-27432",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27432"
},
{
"cve": "CVE-2025-27433",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27433"
},
{
"cve": "CVE-2025-27434",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27434"
},
{
"cve": "CVE-2025-27436",
"product_status": {
"known_affected": [
"T041721"
]
},
"release_date": "2025-03-10T23:00:00.000+00:00",
"title": "CVE-2025-27436"
}
]
}
WID-SEC-W-2026-0177
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-28 23:00Summary
Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, und um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira Data Center <11.3.0
Atlassian / Jira
|
Data Center <11.3.0 | ||
|
Atlassian Confluence Data Center <9.2.13
Atlassian / Confluence
|
Data Center <9.2.13 | ||
|
Atlassian Jira Data Center <10.3.16
Atlassian / Jira
|
Data Center <10.3.16 | ||
|
Atlassian Jira Data Center <11.2.1
Atlassian / Jira
|
Data Center <11.2.1 | ||
|
Atlassian Bitbucket Data Center <9.4.15
Atlassian / Bitbucket
|
Data Center <9.4.15 | ||
|
Atlassian Bitbucket Data Center <10.1.1
Atlassian / Bitbucket
|
Data Center <10.1.1 | ||
|
Atlassian Confluence Data Center <10.2.2
Atlassian / Confluence
|
Data Center <10.2.2 | ||
|
Atlassian Bitbucket Data Center <8.19.26
Atlassian / Bitbucket
|
Data Center <8.19.26 | ||
|
Atlassian Bamboo Data Center <10.2.13
Atlassian / Bamboo
|
Data Center <10.2.13 | ||
|
Atlassian Bamboo Data Center <12.0.2
Atlassian / Bamboo
|
Data Center <12.0.2 | ||
|
Atlassian Jira <9.12.26
Atlassian / Jira
|
<9.12.26 | ||
|
Atlassian Bamboo Data Center <9.6.21
Atlassian / Bamboo
|
Data Center <9.6.21 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0177 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0177.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0177 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0177"
},
{
"category": "external",
"summary": "Atlassian Support Security Bulletin vom 2026-01-20",
"url": "https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Bitbucket, Confluence und Jira: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-28T23:00:00.000+00:00",
"generator": {
"date": "2026-01-29T07:51:12.449+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0177",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-4913"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c12.0.2",
"product": {
"name": "Atlassian Bamboo Data Center \u003c12.0.2",
"product_id": "T050227"
}
},
{
"category": "product_version",
"name": "Data Center 12.0.2",
"product": {
"name": "Atlassian Bamboo Data Center 12.0.2",
"product_id": "T050227-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__12.0.2"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.13",
"product": {
"name": "Atlassian Bamboo Data Center \u003c10.2.13",
"product_id": "T050228"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.13",
"product": {
"name": "Atlassian Bamboo Data Center 10.2.13",
"product_id": "T050228-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.13"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.6.21",
"product": {
"name": "Atlassian Bamboo Data Center \u003c9.6.21",
"product_id": "T050229"
}
},
{
"category": "product_version",
"name": "Data Center 9.6.21",
"product": {
"name": "Atlassian Bamboo Data Center 9.6.21",
"product_id": "T050229-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__9.6.21"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.1.1",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c10.1.1",
"product_id": "T050230"
}
},
{
"category": "product_version",
"name": "Data Center 10.1.1",
"product": {
"name": "Atlassian Bitbucket Data Center 10.1.1",
"product_id": "T050230-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.4.15",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c9.4.15",
"product_id": "T050231"
}
},
{
"category": "product_version",
"name": "Data Center 9.4.15",
"product": {
"name": "Atlassian Bitbucket Data Center 9.4.15",
"product_id": "T050231-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.15"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c8.19.26",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c8.19.26",
"product_id": "T050232"
}
},
{
"category": "product_version",
"name": "Data Center 8.19.26",
"product": {
"name": "Atlassian Bitbucket Data Center 8.19.26",
"product_id": "T050232-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__8.19.26"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.2",
"product": {
"name": "Atlassian Confluence Data Center \u003c10.2.2",
"product_id": "T050233"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.2",
"product": {
"name": "Atlassian Confluence Data Center 10.2.2",
"product_id": "T050233-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.2.13",
"product": {
"name": "Atlassian Confluence Data Center \u003c9.2.13",
"product_id": "T050234"
}
},
{
"category": "product_version",
"name": "Data Center 9.2.13",
"product": {
"name": "Atlassian Confluence Data Center 9.2.13",
"product_id": "T050234-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__9.2.13"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c11.3.0",
"product": {
"name": "Atlassian Jira Data Center \u003c11.3.0",
"product_id": "T050235"
}
},
{
"category": "product_version",
"name": "Data Center 11.3.0",
"product": {
"name": "Atlassian Jira Data Center 11.3.0",
"product_id": "T050235-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__11.3.0"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c11.2.1",
"product": {
"name": "Atlassian Jira Data Center \u003c11.2.1",
"product_id": "T050236"
}
},
{
"category": "product_version",
"name": "Data Center 11.2.1",
"product": {
"name": "Atlassian Jira Data Center 11.2.1",
"product_id": "T050236-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__11.2.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.3.16",
"product": {
"name": "Atlassian Jira Data Center \u003c10.3.16",
"product_id": "T050237"
}
},
{
"category": "product_version",
"name": "Data Center 10.3.16",
"product": {
"name": "Atlassian Jira Data Center 10.3.16",
"product_id": "T050237-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__10.3.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.12.26",
"product": {
"name": "Atlassian Jira \u003c9.12.26",
"product_id": "T050238"
}
},
{
"category": "product_version",
"name": "9.12.26",
"product": {
"name": "Atlassian Jira 9.12.26",
"product_id": "T050238-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:9.12.26"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2022-25883",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-25883"
},
{
"cve": "CVE-2022-45693",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2024-21538",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-38286",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2025-12383",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-15284",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-15284"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48976",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49146",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-49146"
},
{
"cve": "CVE-2025-52434",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52999",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53689",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-53689"
},
{
"cve": "CVE-2025-54988",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-55752",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-64775",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66516",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-9287",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9287"
},
{
"cve": "CVE-2025-9288",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9288"
},
{
"cve": "CVE-2026-21569",
"product_status": {
"known_affected": [
"T050283",
"T050235",
"T050234",
"T050237",
"T050236",
"T050231",
"T050230",
"T050233",
"T050232",
"T050228",
"T050227",
"T050238",
"T050229"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21569"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…