CVE-2024-43799 (GCVE-0-2024-43799)
Vulnerability from cvelistv5 – Published: 2024-09-10 14:45 – Updated: 2025-11-03 19:30

- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://github.com/pillarjs/send/security/advisor… | x_refsource_CONFIRM |
| https://github.com/pillarjs/send/commit/ae4f29894… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:34:08.487499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:34:18.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:41.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "send",
"vendor": "pillarjs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:45:06.761Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
},
{
"name": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
}
],
"source": {
"advisory": "GHSA-m6fv-jmcg-4jfg",
"discovery": "UNKNOWN"
},
"title": "send vulnerable to template injection that can lead to XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43799",
"datePublished": "2024-09-10T14:45:06.761Z",
"dateReserved": "2024-08-16T14:20:37.326Z",
"dateUpdated": "2025-11-03T19:30:41.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-43799",
"date": "2026-06-09",
"epss": "0.00175",
"percentile": "0.38731"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:send_project:send:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"0.19.0\", \"matchCriteriaId\": \"2CA928EE-A0D3-44E9-B115-6FC2BF830623\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.\"}, {\"lang\": \"es\", \"value\": \"Send es una librer\\u00eda para transmitir archivos desde el sistema de archivos como una respuesta http. Send pasa la entrada de usuario no confiable a SendStream.redirect(), que ejecuta c\\u00f3digo no confiable. Este problema se solucion\\u00f3 en send 0.19.0.\"}]",
"id": "CVE-2024-43799",
"lastModified": "2024-09-20T16:57:14.687",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 5.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 2.7}]}",
"published": "2024-09-10T15:15:17.727",
"references": "[{\"url\": \"https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43799\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-10T15:15:17.727\",\"lastModified\":\"2025-11-03T20:16:29.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.\"},{\"lang\":\"es\",\"value\":\"Send es una librer\u00eda para transmitir archivos desde el sistema de archivos como una respuesta http. Send pasa la entrada de usuario no confiable a SendStream.redirect(), que ejecuta c\u00f3digo no confiable. Este problema se solucion\u00f3 en send 0.19.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"
OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:send_project:send:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.19.0\",\"matchCriteriaId\":\"2CA928EE-A0D3-44E9-B115-6FC2BF830623\"}]}]}],\"references\":[{\"url\":\"https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43799\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T19:34:08.487499Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T19:34:14.865Z\"}}], \"cna\": {\"title\": \"send vulnerable to template injection that can lead to XSS\", \"source\": {\"advisory\": \"GHSA-m6fv-jmcg-4jfg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pillarjs\", \"product\": \"send\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.19.0\"}]}], \"references\": [{\"url\": \"https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg\", \"name\": \"https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35\", \"name\": \"https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. 
This issue is patched in send 0.19.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-10T14:45:06.761Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-43799\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-10T19:34:18.557Z\", \"dateReserved\": \"2024-08-16T14:20:37.326Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-10T14:45:06.761Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2024-2197
Vulnerability from csaf_certbund - Published: 2024-09-22 22:00 - Updated: 2025-03-02 23:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Cognos Analytics mobile(iOS)
IBM / Cognos Analytics
|
cpe:/a:ibm:cognos_analytics:mobile%28ios%29
|
mobile(iOS) | |
|
IBM QRadar SIEM Pulse App <2.2.15
IBM / QRadar SIEM
|
Pulse App <2.2.15 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.4.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.4.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <5.0.22
IBM / App Connect Enterprise
|
Certified Container Operator <5.0.22 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.0.5
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.5 | ||
|
IBM App Connect Enterprise mobile(android)
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:mobile%28android%29
|
mobile(android) | |
|
IBM App Connect Enterprise <12.0.12.6
IBM / App Connect Enterprise
|
<12.0.12.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Cognos Analytics mobile(iOS)
IBM / Cognos Analytics
|
cpe:/a:ibm:cognos_analytics:mobile%28ios%29
|
mobile(iOS) | |
|
IBM QRadar SIEM Pulse App <2.2.15
IBM / QRadar SIEM
|
Pulse App <2.2.15 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.4.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.4.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <5.0.22
IBM / App Connect Enterprise
|
Certified Container Operator <5.0.22 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.0.5
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.5 | ||
|
IBM App Connect Enterprise mobile(android)
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:mobile%28android%29
|
mobile(android) | |
|
IBM App Connect Enterprise <12.0.12.6
IBM / App Connect Enterprise
|
<12.0.12.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Cognos Analytics mobile(iOS)
IBM / Cognos Analytics
|
cpe:/a:ibm:cognos_analytics:mobile%28ios%29
|
mobile(iOS) | |
|
IBM QRadar SIEM Pulse App <2.2.15
IBM / QRadar SIEM
|
Pulse App <2.2.15 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.4.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.4.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <5.0.22
IBM / App Connect Enterprise
|
Certified Container Operator <5.0.22 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.0.5
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.5 | ||
|
IBM App Connect Enterprise mobile(android)
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:mobile%28android%29
|
mobile(android) | |
|
IBM App Connect Enterprise <12.0.12.6
IBM / App Connect Enterprise
|
<12.0.12.6 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Cognos Analytics mobile(iOS)
IBM / Cognos Analytics
|
cpe:/a:ibm:cognos_analytics:mobile%28ios%29
|
mobile(iOS) | |
|
IBM QRadar SIEM Pulse App <2.2.15
IBM / QRadar SIEM
|
Pulse App <2.2.15 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.4.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.4.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <5.0.22
IBM / App Connect Enterprise
|
Certified Container Operator <5.0.22 | ||
|
IBM App Connect Enterprise Certified Container Operator <12.0.5
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.5 | ||
|
IBM App Connect Enterprise mobile(android)
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:mobile%28android%29
|
mobile(android) | |
|
IBM App Connect Enterprise <12.0.12.6
IBM / App Connect Enterprise
|
<12.0.12.6 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um einen Cross-Site Scripting und Server-Side Request Forgery-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2197 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2197.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2197 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2197"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-09-22",
"url": "https://www.ibm.com/support/pages/node/7169586"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7176617 vom 2024-11-20",
"url": "https://www.ibm.com/support/pages/node/7176617"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7176660 vom 2024-11-20",
"url": "https://www.ibm.com/support/pages/node/7176660"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10906 vom 2024-12-10",
"url": "https://access.redhat.com/errata/RHSA-2024:10906"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184430 vom 2025-03-02",
"url": "https://www.ibm.com/support/pages/node/7184430"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184429 vom 2025-03-02",
"url": "https://www.ibm.com/support/pages/node/7184429"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting und Server-Side Request Forgery",
"tracking": {
"current_release_date": "2025-03-02T23:00:00.000+00:00",
"generator": {
"date": "2025-03-03T11:44:58.437+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-2197",
"initial_release_date": "2024-09-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.0.12.6",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.6",
"product_id": "T037773"
}
},
{
"category": "product_version",
"name": "12.0.12.6",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.6",
"product_id": "T037773-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.6"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.4.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.4.0",
"product_id": "T039342"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.4.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.4.0",
"product_id": "T039342-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.4.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.0.5",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.0.5",
"product_id": "T039343"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.0.5",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.0.5",
"product_id": "T039343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.0.5"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c5.0.22",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c5.0.22",
"product_id": "T039344"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 5.0.22",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 5.0.22",
"product_id": "T039344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__5.0.22"
}
}
},
{
"category": "product_version",
"name": "mobile(android)",
"product": {
"name": "IBM App Connect Enterprise mobile(android)",
"product_id": "T041496",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:mobile%28android%29"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "mobile(iOS)",
"product": {
"name": "IBM Cognos Analytics mobile(iOS)",
"product_id": "T041495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:mobile%28ios%29"
}
}
}
],
"category": "product_name",
"name": "Cognos Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Pulse App \u003c2.2.15",
"product": {
"name": "IBM QRadar SIEM Pulse App \u003c2.2.15",
"product_id": "T039350"
}
},
{
"category": "product_version",
"name": "Pulse App 2.2.15",
"product": {
"name": "IBM QRadar SIEM Pulse App 2.2.15",
"product_id": "T039350-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:pulse_app__2.2.15"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43796",
"product_status": {
"known_affected": [
"T041495",
"T039350",
"T039342",
"67646",
"T039344",
"T039343",
"T041496",
"T037773"
]
},
"release_date": "2024-09-22T22:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"product_status": {
"known_affected": [
"T041495",
"T039350",
"T039342",
"67646",
"T039344",
"T039343",
"T041496",
"T037773"
]
},
"release_date": "2024-09-22T22:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"product_status": {
"known_affected": [
"T041495",
"T039350",
"T039342",
"67646",
"T039344",
"T039343",
"T041496",
"T037773"
]
},
"release_date": "2024-09-22T22:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-39338",
"product_status": {
"known_affected": [
"T041495",
"T039350",
"T039342",
"67646",
"T039344",
"T039343",
"T041496",
"T037773"
]
},
"release_date": "2024-09-22T22:00:00.000+00:00",
"title": "CVE-2024-39338"
}
]
}
WID-SEC-W-2024-3250
Vulnerability from csaf_certbund - Published: 2024-10-21 22:00 - Updated: 2026-02-08 23:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Data Foundation 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:data_foundation_4
|
Data Foundation 4 | |
|
Red Hat OpenShift Container Platform <4.17.4
Red Hat / OpenShift
|
Container Platform <4.17.4 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Red Hat OpenShift <4.14.40
Red Hat / OpenShift
|
<4.14.40 | ||
|
Red Hat OpenShift Network Observability <1.7.0
Red Hat / OpenShift
|
Network Observability <1.7.0 | ||
|
Red Hat OpenShift Container Platform <4.17.15
Red Hat / OpenShift
|
Container Platform <4.17.15 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Data Foundation <4.17.7
Red Hat / OpenShift
|
Data Foundation <4.17.7 | ||
|
Red Hat OpenShift Data Foundation <4.14.18
Red Hat / OpenShift
|
Data Foundation <4.14.18 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Red Hat OpenShift Data Foundation <4.14.13
Red Hat / OpenShift
|
Data Foundation <4.14.13 | ||
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen preiszugeben, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3250 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3250.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3250 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3250"
},
{
"category": "external",
"summary": "Red Hat Advisory vom 2024-10-21",
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8229 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8229"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8232 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8232"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8260 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8260"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8263 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8263"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8581 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8581"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8425 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8337 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8337"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8677"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8428 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8428"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8692"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06",
"url": "https://access.redhat.com/errata/RHSA-2024:8688"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8697 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8700 vom 2024-11-08",
"url": "https://access.redhat.com/errata/RHSA-2024:8700"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8981 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:8981"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10186 vom 2024-11-22",
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8704 vom 2024-12-02",
"url": "https://access.redhat.com/errata/RHSA-2024:8704"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10762 vom 2024-12-03",
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10865 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10857 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10906 vom 2024-12-10",
"url": "https://access.redhat.com/errata/RHSA-2024:10906"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10895 vom 2024-12-11",
"url": "https://access.redhat.com/errata/RHSA-2024:10895"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12",
"url": "https://access.redhat.com/errata/RHSA-2024:11023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0079 vom 2025-01-08",
"url": "https://access.redhat.com/errata/RHSA-2025:0079"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0164 vom 2025-01-09",
"url": "https://access.redhat.com/errata/RHSA-2025:0164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0323 vom 2025-01-15",
"url": "https://access.redhat.com/errata/RHSA-2025:0323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0664 vom 2025-01-23",
"url": "https://access.redhat.com/errata/RHSA-2025:0664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0875 vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:0875"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4019 vom 2025-04-23",
"url": "https://access.redhat.com/errata/RHSA-2025:4019"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8059 vom 2025-05-21",
"url": "https://access.redhat.com/errata/RHSA-2025:8059"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8479 vom 2025-06-04",
"url": "https://access.redhat.com/errata/RHSA-2025:8479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8551 vom 2025-06-05",
"url": "https://access.redhat.com/errata/RHSA-2025:8551"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2164 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2172 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-08T23:00:00.000+00:00",
"generator": {
"date": "2026-02-09T07:12:49.263+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3250",
"initial_release_date": "2024-10-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-07T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-10T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-09T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-14T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-08T23:00:00.000+00:00",
"number": "29",
"summary": "doppelte Eintragung bereinigt"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.1",
"product": {
"name": "Atlassian Confluence \u003c10.1.1",
"product_id": "T048680"
}
},
{
"category": "product_version",
"name": "10.1.1",
"product": {
"name": "Atlassian Confluence 10.1.1",
"product_id": "T048680-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Confluence \u003c10.0.2",
"product_id": "T048685"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Confluence 10.0.2",
"product_id": "T048685-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.7",
"product": {
"name": "Atlassian Confluence \u003c9.2.7",
"product_id": "T048686"
}
},
{
"category": "product_version",
"name": "9.2.7",
"product": {
"name": "Atlassian Confluence 9.2.7",
"product_id": "T048686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.25",
"product": {
"name": "Atlassian Confluence \u003c8.5.25",
"product_id": "T048687"
}
},
{
"category": "product_version",
"name": "8.5.25",
"product": {
"name": "Atlassian Confluence 8.5.25",
"product_id": "T048687-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.25"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Data Foundation 4",
"product": {
"name": "Red Hat OpenShift Data Foundation 4",
"product_id": "T028133",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation_4"
}
}
},
{
"category": "product_version",
"name": "Kube Descheduler Operator 5",
"product": {
"name": "Red Hat OpenShift Kube Descheduler Operator 5",
"product_id": "T033270",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:kube_descheduler_operator_5"
}
}
},
{
"category": "product_version_range",
"name": "Network Observability \u003c1.7.0",
"product": {
"name": "Red Hat OpenShift Network Observability \u003c1.7.0",
"product_id": "T038514"
}
},
{
"category": "product_version",
"name": "Network Observability 1.7.0",
"product": {
"name": "Red Hat OpenShift Network Observability 1.7.0",
"product_id": "T038514-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:network_observability__1.7.0"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.2",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.2",
"product_id": "T038527"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.2",
"product_id": "T038527-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.14.40",
"product": {
"name": "Red Hat OpenShift \u003c4.14.40",
"product_id": "T038844"
}
},
{
"category": "product_version",
"name": "4.14.40",
"product": {
"name": "Red Hat OpenShift 4.14.40",
"product_id": "T038844-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.14.40"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.4",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.4",
"product_id": "T038989"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.4",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.4",
"product_id": "T038989-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.4"
}
}
},
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.14.13",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.14.13",
"product_id": "T040215"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.14.13",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.14.13",
"product_id": "T040215-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.14.13"
}
}
},
{
"category": "product_version_range",
"name": "Serverless Logic \u003c1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic \u003c1.35.0",
"product_id": "T040597"
}
},
{
"category": "product_version",
"name": "Serverless Logic 1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic 1.35.0",
"product_id": "T040597-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:serverless_logic__1.35.0"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.15",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.15",
"product_id": "T040819"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.15",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.15",
"product_id": "T040819-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.15"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.10",
"product_id": "T043077"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.10",
"product_id": "T043077-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.10"
}
}
},
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.17.7",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.17.7",
"product_id": "T044019"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.17.7",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.17.7",
"product_id": "T044019-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.17.7"
}
}
},
{
"category": "product_version_range",
"name": "Data Foundation \u003c4.14.18",
"product": {
"name": "Red Hat OpenShift Data Foundation \u003c4.14.18",
"product_id": "T044338"
}
},
{
"category": "product_version",
"name": "Data Foundation 4.14.18",
"product": {
"name": "Red Hat OpenShift Data Foundation 4.14.18",
"product_id": "T044338-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:data_foundation__4.14.18"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-34155"
},
{
"cve": "CVE-2024-34156",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-34156"
},
{
"cve": "CVE-2024-34158",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-34158"
},
{
"cve": "CVE-2024-39338",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-39338"
},
{
"cve": "CVE-2024-43788",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43788"
},
{
"cve": "CVE-2024-43796",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45590",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-45590"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T028133",
"T038989",
"67646",
"T038527",
"T048680",
"T038844",
"T038514",
"T040819",
"T027916",
"T033270",
"T044019",
"T044338",
"T048685",
"T040215",
"T040597",
"T043077",
"T048677",
"T048676",
"T048687",
"T048675",
"T048686"
]
},
"release_date": "2024-10-21T22:00:00.000+00:00",
"title": "CVE-2024-45801"
}
]
}
WID-SEC-W-2024-3344
Vulnerability from csaf_certbund - Published: 2024-11-05 23:00 - Updated: 2024-12-18 23:00
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität zu gefährden.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix WebUI ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3344 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3344.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3344 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3344"
},
{
"category": "external",
"summary": "HCL BigFix Security Advisory vom 2024-11-05",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=e8e9f77b936dd6100dddf87d1dba103d"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-12-18",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=1af3c435fb2216d0db10f2797befdc15"
}
],
"source_lang": "en-US",
"title": "HCL BigFix WebUI: Mehrere Open Source Schwachstellen",
"tracking": {
"current_release_date": "2024-12-18T23:00:00.000+00:00",
"generator": {
"date": "2024-12-19T09:12:54.292+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3344",
"initial_release_date": "2024-11-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-18T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
},
{
"category": "product_version",
"name": "Server Automation",
"product": {
"name": "HCL BigFix Server Automation",
"product_id": "T039915",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:server_automation"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26159",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2023-26159"
},
{
"cve": "CVE-2023-45857",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2023-45857"
},
{
"cve": "CVE-2024-21501",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-21501"
},
{
"cve": "CVE-2024-33883",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-33883"
},
{
"cve": "CVE-2024-35255",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-35255"
},
{
"cve": "CVE-2024-38996",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-38996"
},
{
"cve": "CVE-2024-43796",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-45296",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45590",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-45590"
},
{
"cve": "CVE-2024-8372",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-8372"
},
{
"cve": "CVE-2024-8373",
"notes": [
{
"category": "description",
"text": "In HCL BigFix existieren mehrere Schwachstellen in mehreren Third Party Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T039915",
"T036098"
]
},
"release_date": "2024-11-05T23:00:00.000+00:00",
"title": "CVE-2024-8373"
}
]
}
WID-SEC-W-2025-0043
Vulnerability from csaf_certbund - Published: 2025-01-12 23:00 - Updated: 2025-03-17 23:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.10
IBM / App Connect Enterprise
|
<12.0.12.10 | ||
|
IBM App Connect Enterprise <13.0.2.1
IBM / App Connect Enterprise
|
<13.0.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM Log Source Management App <7.0.11
IBM / QRadar SIEM
|
Log Source Management App <7.0.11 | ||
|
IBM QRadar SIEM Data Synchronization App <3.2.1
IBM / QRadar SIEM
|
Data Synchronization App <3.2.1 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0043 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0043.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0043 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0043"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-01-12",
"url": "https://www.ibm.com/support/pages/node/7180725"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181570 vom 2025-01-24",
"url": "https://www.ibm.com/support/pages/node/7181570"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181915 vom 2025-01-29",
"url": "https://www.ibm.com/support/pages/node/7181915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0892 vom 2025-02-03",
"url": "https://access.redhat.com/errata/RHSA-2025:0892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1051 vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1051"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184092 vom 2025-02-25",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184955 vom 2025-03-06",
"url": "https://www.ibm.com/support/pages/node/7184955"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7186423 vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186423"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-17T23:00:00.000+00:00",
"generator": {
"date": "2025-03-18T09:12:53.448+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0043",
"initial_release_date": "2025-01-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-02T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "7",
"summary": "Produktzuordnung korrigiert"
},
{
"date": "2025-03-06T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.2.1",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.2.1",
"product_id": "T040605"
}
},
{
"category": "product_version",
"name": "13.0.2.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.2.1",
"product_id": "T040605-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.10",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.10",
"product_id": "T040606"
}
},
{
"category": "product_version",
"name": "12.0.12.10",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.10",
"product_id": "T040606-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.10"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Log Source Management App \u003c7.0.11",
"product": {
"name": "IBM QRadar SIEM Log Source Management App \u003c7.0.11",
"product_id": "T040117"
}
},
{
"category": "product_version",
"name": "Log Source Management App 7.0.11",
"product": {
"name": "IBM QRadar SIEM Log Source Management App 7.0.11",
"product_id": "T040117-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:log_source_management_app__7.0.11"
}
}
},
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T041207",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
},
{
"category": "product_version_range",
"name": "Data Synchronization App \u003c3.2.1",
"product": {
"name": "IBM QRadar SIEM Data Synchronization App \u003c3.2.1",
"product_id": "T041488"
}
},
{
"category": "product_version",
"name": "Data Synchronization App 3.2.1",
"product": {
"name": "IBM QRadar SIEM Data Synchronization App 3.2.1",
"product_id": "T041488-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:data_synchronization_app__3.2.1"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43788",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43788"
},
{
"cve": "CVE-2024-43796",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43796"
},
{
"cve": "CVE-2024-43799",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43799"
},
{
"cve": "CVE-2024-43800",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-43800"
},
{
"cve": "CVE-2024-47068",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47068"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-21536",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-21536"
},
{
"cve": "CVE-2024-21538",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-33883",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-33883"
},
{
"cve": "CVE-2024-37890",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-37890"
},
{
"cve": "CVE-2024-4067",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-4067"
},
{
"cve": "CVE-2024-4068",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45590",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45590"
},
{
"cve": "CVE-2024-48948",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-48949"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-55565",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-42459",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42459"
},
{
"cve": "CVE-2024-42460",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42460"
},
{
"cve": "CVE-2024-42461",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-42461"
},
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T040606",
"T040605",
"67646",
"T041207",
"T040117",
"T041488",
"T032495"
]
},
"release_date": "2025-01-12T23:00:00.000+00:00",
"title": "CVE-2024-47764"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.