Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-15467 (GCVE-0-2025-15467)
Vulnerability from cvelistv5 – Published: 2026-01-27 16:01 – Updated: 2026-06-09 09:02
VLAI
EPSS
Title
Stack buffer overflow in CMS (Auth)EnvelopedData parsing
Summary
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with
maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
10 references
Impacted products
210 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.1
(semver)
Affected: 3.5.0 , < 3.5.5 (semver) Affected: 3.4.0 , < 3.4.4 (semver) Affected: 3.3.0 , < 3.3.6 (semver) Affected: 3.0.0 , < 3.0.19 (semver) |
|
| Siemens | AI Lightweight Inference Server |
Affected:
0 , < *
(custom)
|
|
| Siemens | Connector for Azure |
Affected:
0 , < V1.8.0
(custom)
|
|
| Siemens | Databus |
Affected:
0 , < V3.3.2
(custom)
|
|
| Siemens | HiMed Cockpit |
Affected:
0 , < *
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Affected:
0 , < *
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE LPE9403 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE LPE9413 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE LPE9433 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M804PB |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router family |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router family |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M826-2 SHDSL-Router |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M874-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M874-3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M874-3 3G-Router (CN) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-3 (ROK) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-4 (EU) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE M876-4 (NAM) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUB852-1 (A1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUB852-1 (B1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (A1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (B1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (EU) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (A1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (B1) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (CN) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (EU) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (RoW) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE S615 EEC LAN-Router |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE S615 LAN-Router |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC622-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC626-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC632-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC636-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC642-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE SC646-2C |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAB762-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM763-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUB762-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUB762-1 iFeatures |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM763-1 (US) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM766-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (ME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (USA) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X200-4P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X201-3P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X201-3P IRT PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X202-2IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X202-2P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X202-2P IRT PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2FM |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2LD TS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204-2TS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204IRT PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA (HSR) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA (PRP) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (HSR) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (PRP) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (PRP/HSR) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X206-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X206-1LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X208 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X208PRO |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X212-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X212-2LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X216 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X224 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X302-7 EEC (2x 24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X304-2FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X306-1LD FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 230V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 230V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 24V, coated) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-2 EEC (2x 24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X307-3LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2LD |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2LH |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2LH+ |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2M |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2M PoE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X308-2M TS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X310 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X310FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X320-1 FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X320-1-2LD FE |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE X408-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC316-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC324-4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC324-4 EEC |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC332 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC416-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC424-4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC432 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF201-3P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF202-2P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204-2BA IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF204IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF206-1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XF208 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR302-32 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR322-12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (230V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (230V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M (24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-12M TS (24V) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M EEC (2x 24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (230V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (230V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE (24V, ports on rear) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR324-4M PoE TS (24V, ports on front) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR326-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR326-8 EEC |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR502-32 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR522-12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR524-8WG |
Affected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XR526-8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Shopfloor IT Suite |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIDIS Prime |
Affected:
V4.0.700 , < *
(custom)
|
|
| Siemens | Siemens OPC UA Modelling Editor (SiOME) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC Comfort/Mobile RT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC eaSie Core Package |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC eaSie PCS 7 Skill Package |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC HMI Basic Panels |
Affected:
0 , < V17.9
(custom)
|
|
| Siemens | SIMATIC HMI Comfort Panels |
Affected:
0 , < V17.9
(custom)
|
|
| Siemens | SIMATIC HMI Mobile Panels |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC IOT2050 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC IPC BX-21A |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC IPC MD-57A |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC IPC ORCLA |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV530 H |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV530 S |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV540 H |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV540 H CRANES |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV540 S |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV550 H |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV550 S |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV560 U |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC MV560 X |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC PDM V9.3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC RTLS Locating Manager |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC STEP 7 V5 |
Affected:
0 , < V5.7 SP4
(custom)
|
|
| Siemens | SIMATIC Target |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC OA V3.19 |
Affected:
0 , < V3.19 P024
(custom)
|
|
| Siemens | SIMATIC WinCC OA V3.20 |
Affected:
0 , < V3.20 P012
(custom)
|
|
| Siemens | SIMATIC WinCC OA V3.21 |
Affected:
0 , < V3.21 P02
(custom)
|
|
| Siemens | SIMATIC WinCC Runtime Advanced V17 |
Affected:
0 , < V17 Update 9
(custom)
|
|
| Siemens | SIMATIC WinCC Unified Sequence |
Affected:
0 , < V21
(custom)
|
|
| Siemens | SIMATIC WinCC V7.5 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC V8.0 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC V8.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOTION OACAMGEN |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOVE Fleetmanager V3.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOVE Fleetmanager V3.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMOVE Fleetmanager V3.3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINAMICS G200 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS G220 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS S200 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS S210 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINAMICS S220 |
Affected:
V6.3 , < *
(custom)
|
|
| Siemens | SINEC INS |
Affected:
0 , < V1.0 SP2 Update 5
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINEC Security Monitor |
Affected:
0 , < *
(custom)
|
|
| Siemens | SINUMERIK Access MyMachine /OPC UA |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLANT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE X202-2P IRT |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE X308-2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SITRANS ASM IQ |
Affected:
0 , < *
(custom)
|
|
| Siemens | SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ) |
Affected:
0 , < *
(custom)
|
|
| Siemens | User Management Component (UMC) |
Affected:
0 , < V2.15.3.0
(custom)
|
|
| Siemens | Visual Inspection Cockpit |
Affected:
0 , < *
(custom)
|
Date Public
2026-01-27 14:00
Credits
Stanislav Fort (Aisle Research)
Igor Ustinov
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-25T21:10:03.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/27/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/25/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15467",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T03:55:41.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/guiimoraes/CVE-2025-15467"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "AI Lightweight Inference Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Connector for Azure",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Databus",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "HiMed Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9403",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9413",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9433",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3 3G-Router (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUB852-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUB852-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC626-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1 iFeatures",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC316-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC324-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC324-4 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC416-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC424-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC432",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR302-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR302-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR302-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR322-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR322-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR322-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-8 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR502-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR502-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR502-32",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR522-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR522-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR522-12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Shopfloor IT Suite",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIDIS Prime",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V4.0.700",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Siemens OPC UA Modelling Editor (SiOME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Comfort/Mobile RT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC eaSie Core Package",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC eaSie PCS 7 Skill Package",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Basic Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IOT2050",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC BX-21A",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC MD-57A",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC IPC ORCLA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV530 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV530 S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 H CRANES",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 U",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PDM V9.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.7 SP4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Target",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.19 P024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.20 P012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.21",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.21 P02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Advanced V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified Sequence",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V8.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V8.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION OACAMGEN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOVE Fleetmanager V3.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOVE Fleetmanager V3.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOVE Fleetmanager V3.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G220",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S210",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S220",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V6.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC Security Monitor",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK Access MyMachine /OPC UA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLANT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITRANS ASM IQ",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "User Management Component (UMC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Visual Inspection Cockpit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:04.779Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Ustinov"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\u003cbr\u003emaliciously crafted AEAD parameters can trigger a stack buffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A stack buffer overflow may lead to a crash, causing Denial\u003cbr\u003eof Service, or potentially remote code execution.\u003cbr\u003e\u003cbr\u003eWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\u003cbr\u003eAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\u003cbr\u003ecopied into a fixed-size stack buffer without verifying that its length fits\u003cbr\u003ethe destination. An attacker can supply a crafted CMS message with an\u003cbr\u003eoversized IV, causing a stack-based out-of-bounds write before any\u003cbr\u003eauthentication or tag verification occurs.\u003cbr\u003e\u003cbr\u003eApplications and services that parse untrusted CMS or PKCS#7 content using\u003cbr\u003eAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\u003cbr\u003eBecause the overflow occurs prior to authentication, no valid key material\u003cbr\u003eis required to trigger it. While exploitability to remote code execution\u003cbr\u003edepends on platform and toolchain mitigations, the stack-based write\u003cbr\u003eprimitive represents a severe risk.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"value": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "High"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:44:51.846Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack buffer overflow in CMS (Auth)EnvelopedData parsing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-15467",
"datePublished": "2026-01-27T16:01:19.922Z",
"dateReserved": "2026-01-06T09:26:41.631Z",
"dateUpdated": "2026-06-09T09:02:04.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-15467",
"date": "2026-06-10",
"epss": "0.02889",
"percentile": "0.86624"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-15467\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-01-27T16:16:14.257\",\"lastModified\":\"2026-06-09T10:16:33.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\\n\\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\\nof Service, or potentially remote code execution.\\n\\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\\ncopied into a fixed-size stack buffer without verifying that its length fits\\nthe destination. An attacker can supply a crafted CMS message with an\\noversized IV, causing a stack-based out-of-bounds write before any\\nauthentication or tag verification occurs.\\n\\nApplications and services that parse untrusted CMS or PKCS#7 content using\\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\\nBecause the overflow occurs prior to authentication, no valid key material\\nis required to trigger it. While exploitability to remote code execution\\ndepends on platform and toolchain mitigations, the stack-based write\\nprimitive represents a severe risk.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\\n\\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Resumen del problema: Analizar un mensaje CMS AuthEnvelopedData con par\u00e1metros AEAD creados maliciosamente puede desencadenar un desbordamiento de b\u00fafer de pila.\\n\\nResumen del impacto: Un desbordamiento de b\u00fafer de pila puede provocar un fallo, causando Denegaci\u00f3n de Servicio, o potencialmente ejecuci\u00f3n remota de c\u00f3digo.\\n\\nAl analizar estructuras CMS AuthEnvelopedData que utilizan cifrados AEAD como AES-GCM, el IV (Vector de Inicializaci\u00f3n) codificado en los par\u00e1metros ASN.1 se copia en un b\u00fafer de pila de tama\u00f1o fijo sin verificar que su longitud se ajuste al destino. Un atacante puede proporcionar un mensaje CMS manipulado con un IV de tama\u00f1o excesivo, causando una escritura fuera de l\u00edmites basada en pila antes de que ocurra cualquier autenticaci\u00f3n o verificaci\u00f3n de etiqueta.\\n\\nLas aplicaciones y servicios que analizan contenido CMS o PKCS#7 no confiable utilizando cifrados AEAD (por ejemplo, S/MIME AuthEnvelopedData con AES-GCM) son vulnerables. Debido a que el desbordamiento ocurre antes de la autenticaci\u00f3n, no se requiere material de clave v\u00e1lido para desencadenarlo. Si bien la explotabilidad para la ejecuci\u00f3n remota de c\u00f3digo depende de las mitigaciones de la plataforma y la cadena de herramientas, la primitiva de escritura basada en pila representa un riesgo grave.\\n\\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de CMS est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 y 3.0 son vulnerables a este problema.\\n\\nOpenSSL 1.1.1 y 1.0.2 no se ven afectados por este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.19\",\"matchCriteriaId\":\"C76C5F55-5243-4461-82F5-2FEBFF4D59FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"791BA794-23EF-4671-B96B-3A7E3BF52490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.4\",\"matchCriteriaId\":\"B9D3DCAE-317D-4DFB-93F0-7A235A229619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.5\",\"matchCriteriaId\":\"1CAC7CBE-EC03-4089-938A-0CEEB2E09B62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"68352537-5E99-4F4D-B78A-BCF0353A70A5\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260127.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/01/27/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/02/25/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-434797.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://github.com/guiimoraes/CVE-2025-15467\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/01/27/10\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2026/02/25/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-02-25T21:10:03.795Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"AI Lightweight Inference Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Connector for Azure\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.8.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Databus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"HiMed Cockpit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RM1224 LTE(4G) EU\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RM1224 LTE(4G) NAM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9403\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9413\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9433\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M804PB\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M812-1 ADSL-Router family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M816-1 ADSL-Router family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M826-2 SHDSL-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M874-3 3G-Router (CN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-3 (ROK)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE M876-4 (NAM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUB852-1 (A1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUB852-1 (B1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (A1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (B1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM853-1 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (A1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (B1)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (CN)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (EU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE MUM856-1 (RoW)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE S615 EEC LAN-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE S615 LAN-Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC622-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC626-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC632-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC636-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC642-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE SC646-2C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAB762-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1 (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM763-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WAM766-1 EEC (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUB762-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUB762-1 iFeatures\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM763-1 (US)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1 (ME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE WUM766-1 (USA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X200-4P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X200-4P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X201-3P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X202-2P IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2FM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2LD TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204-2TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204IRT PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA (HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA (PRP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (PRP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (PRP/HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X206-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X206-1LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X208PRO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X212-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X212-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X216\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X224\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X302-7 EEC (2x 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X304-2FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X306-1LD FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 230V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 230V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 24V, coated)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-2 EEC (2x 24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X307-3LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LD\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH+\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2LH+\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M PoE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X308-2M TS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X310FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X320-1 FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X320-1-2LD FE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X408-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC316-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC324-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC324-4 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC332\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC416-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC424-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC432\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF201-3P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204-2BA IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF204IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF206-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XF208\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR302-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR302-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR302-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR322-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR322-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR322-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M TS (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-12M TS (24V)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M EEC (2x 24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (230V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE (24V, ports on rear)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE TS (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR324-4M PoE TS (24V, ports on front)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR326-8 EEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR502-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR502-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR502-32\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR522-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR522-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR522-12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR524-8WG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XR526-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Shopfloor IT Suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIDIS Prime\", \"versions\": [{\"status\": \"affected\", \"version\": \"V4.0.700\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Siemens OPC UA Modelling Editor (SiOME)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Comfort/Mobile RT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC eaSie Core Package\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC eaSie PCS 7 Skill Package\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Basic Panels\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Comfort Panels\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17.9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Mobile Panels\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IOT2050\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC BX-21A\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC MD-57A\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC ORCLA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV530 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV530 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 H CRANES\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV540 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV550 H\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV550 S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV560 U\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC MV560 X\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PDM V9.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC STEP 7 V5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.7 SP4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC Target\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC OA V3.19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.19 P024\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC OA V3.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.20 P012\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC OA V3.21\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.21 P02\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Runtime Advanced V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Unified Sequence\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V21\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V7.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC V8.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOTION OACAMGEN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOVE Fleetmanager V3.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOVE Fleetmanager V3.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMOVE Fleetmanager V3.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS G200\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS G220\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS S200\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS S210\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINAMICS S220\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.3\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC INS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0 SP2 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC Security Monitor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINUMERIK Access MyMachine /OPC UA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLANT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE X202-2P IRT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET SCALANCE X308-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SITRANS ASM IQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"User Management Component (UMC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.15.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Visual Inspection Cockpit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-434797.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-06-09T09:02:04.779Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-15467\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-19T18:39:38.156023Z\"}}}], \"references\": [{\"url\": \"https://github.com/guiimoraes/CVE-2025-15467\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T14:50:51.477Z\"}}], \"cna\": {\"title\": \"Stack buffer overflow in CMS (Auth)EnvelopedData parsing\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Stanislav Fort (Aisle Research)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Igor Ustinov\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"High\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.19\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-27T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260127.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703\", \"name\": \"3.6.1 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc\", \"name\": \"3.5.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3\", \"name\": \"3.4.4 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9\", \"name\": \"3.3.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e\", \"name\": \"3.0.19 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\\n\\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\\nof Service, or potentially remote code execution.\\n\\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\\ncopied into a fixed-size stack buffer without verifying that its length fits\\nthe destination. An attacker can supply a crafted CMS message with an\\noversized IV, causing a stack-based out-of-bounds write before any\\nauthentication or tag verification occurs.\\n\\nApplications and services that parse untrusted CMS or PKCS#7 content using\\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\\nBecause the overflow occurs prior to authentication, no valid key material\\nis required to trigger it. While exploitability to remote code execution\\ndepends on platform and toolchain mitigations, the stack-based write\\nprimitive represents a severe risk.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the CMS implementation is outside the OpenSSL FIPS module\\nboundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\\n\\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\u003cbr\u003emaliciously crafted AEAD parameters can trigger a stack buffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A stack buffer overflow may lead to a crash, causing Denial\u003cbr\u003eof Service, or potentially remote code execution.\u003cbr\u003e\u003cbr\u003eWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\u003cbr\u003eAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\u003cbr\u003ecopied into a fixed-size stack buffer without verifying that its length fits\u003cbr\u003ethe destination. An attacker can supply a crafted CMS message with an\u003cbr\u003eoversized IV, causing a stack-based out-of-bounds write before any\u003cbr\u003eauthentication or tag verification occurs.\u003cbr\u003e\u003cbr\u003eApplications and services that parse untrusted CMS or PKCS#7 content using\u003cbr\u003eAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\u003cbr\u003eBecause the overflow occurs prior to authentication, no valid key material\u003cbr\u003eis required to trigger it. While exploitability to remote code execution\u003cbr\u003edepends on platform and toolchain mitigations, the stack-based write\u003cbr\u003eprimitive represents a severe risk.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-02-25T17:44:51.846Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-15467\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-09T09:02:04.779Z\", \"dateReserved\": \"2026-01-06T09:26:41.631Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-01-27T16:01:19.922Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:20223-1
Vulnerability from csaf_suse - Published: 2026-02-02 12:59 - Updated: 2026-02-02 12:59Summary
Security update for openssl-3
Severity
Important
Notes
Title of the patch: Security update for openssl-3
Description of the patch: This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).
- CVE-2025-15469: "openssl dgst" one-shot codepath silently truncates inputs >16MB (bsc#1256832).
- CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Other fixes:
- Enable livepatching support for ppc64le (bsc#1257274).
Patchnames: SUSE-SLES-16.0-237
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
56 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\nSecurity fixes:\n\n - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).\n - CVE-2025-15469: \"openssl dgst\" one-shot codepath silently truncates inputs \u003e16MB (bsc#1256832).\n - CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n\nOther fixes:\n\n- Enable livepatching support for ppc64le (bsc#1257274).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-237",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20223-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20223-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620223-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20223-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024064.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256829",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256831",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "self",
"summary": "SUSE Bug 1256832",
"url": "https://bugzilla.suse.com/1256832"
},
{
"category": "self",
"summary": "SUSE Bug 1256833",
"url": "https://bugzilla.suse.com/1256833"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE Bug 1257274",
"url": "https://bugzilla.suse.com/1257274"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15469 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66199 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-02-02T12:59:47Z",
"generator": {
"date": "2026-02-02T12:59:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20223-1",
"initial_release_date": "2026-02-02T12:59:47Z",
"revision_history": [
{
"date": "2026-02-02T12:59:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.aarch64",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.aarch64",
"product_id": "libopenssl3-3.5.0-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.aarch64",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.aarch64",
"product_id": "openssl-3-3.5.0-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"product": {
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"product_id": "openssl-3-doc-3.5.0-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"product_id": "libopenssl3-3.5.0-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.ppc64le",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.ppc64le",
"product_id": "openssl-3-3.5.0-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.s390x",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.s390x",
"product_id": "libopenssl3-3.5.0-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.s390x",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.s390x",
"product_id": "openssl-3-3.5.0-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl3-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl3-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"product_id": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.5.0-160000.5.1.x86_64",
"product": {
"name": "openssl-3-3.5.0-160000.5.1.x86_64",
"product_id": "openssl-3-3.5.0-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
},
"product_reference": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.5.0-160000.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64"
},
"product_reference": "openssl-3-3.5.0-160000.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.5.0-160000.5.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
},
"product_reference": "openssl-3-doc-3.5.0-160000.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11187"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11187",
"url": "https://www.suse.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "SUSE Bug 1256829 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "external",
"summary": "SUSE Bug 1256878 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "important"
}
],
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15468"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15468",
"url": "https://www.suse.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1256831 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "external",
"summary": "SUSE Bug 1256880 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "important"
}
],
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-15469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15469"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: The \u0027openssl dgst\u0027 command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the \u0027openssl dgst\u0027 command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n\u0027openssl dgst\u0027 command. Streaming digest algorithms for \u0027openssl dgst\u0027 and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15469",
"url": "https://www.suse.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "SUSE Bug 1256832 for CVE-2025-15469",
"url": "https://bugzilla.suse.com/1256832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-15469"
},
{
"cve": "CVE-2025-66199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66199"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66199",
"url": "https://www.suse.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "SUSE Bug 1256833 for CVE-2025-66199",
"url": "https://bugzilla.suse.com/1256833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-66199"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-devel-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libopenssl3-x86-64-v3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-3.5.0-160000.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-doc-3.5.0-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T12:59:47Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
SUSE-SU-2026:20349-1
Vulnerability from csaf_suse - Published: 2026-02-12 14:47 - Updated: 2026-02-12 14:47Summary
Security update for openssl-3
Severity
Critical
Notes
Title of the patch: Security update for openssl-3
Description of the patch: This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Patchnames: SUSE-SLE-Micro-6.0-572
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.2 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n \n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-572",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20349-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20349-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620349-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20349-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024281.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-02-12T14:47:03Z",
"generator": {
"date": "2026-02-12T14:47:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20349-1",
"initial_release_date": "2026-02-12T14:47:03Z",
"revision_history": [
{
"date": "2026-02-12T14:47:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-11.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-11.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-11.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-11.1.aarch64",
"product_id": "libopenssl3-3.1.4-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-11.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-11.1.aarch64",
"product_id": "openssl-3-3.1.4-11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-11.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-11.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-11.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-11.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-11.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-11.1.s390x",
"product_id": "libopenssl3-3.1.4-11.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-11.1.s390x",
"product": {
"name": "openssl-3-3.1.4-11.1.s390x",
"product_id": "openssl-3-3.1.4-11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-11.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-11.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-11.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-11.1.x86_64",
"product_id": "libopenssl3-3.1.4-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-11.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-11.1.x86_64",
"product_id": "openssl-3-3.1.4-11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-11.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-11.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-11.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-11.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-11.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-11.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-11.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-11.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-11.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-11.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-11.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-11.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-11.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x"
},
"product_reference": "openssl-3-3.1.4-11.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-11.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:libopenssl3-3.1.4-11.1.x86_64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.aarch64",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.s390x",
"SUSE Linux Micro 6.0:openssl-3-3.1.4-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T14:47:03Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
SUSE-SU-2026:20373-1
Vulnerability from csaf_suse - Published: 2026-02-16 08:54 - Updated: 2026-02-16 08:54Summary
Security update for openssl-3
Severity
Moderate
Notes
Title of the patch: Security update for openssl-3
Description of the patch: This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Patchnames: SUSE-SLE-Micro-6.1-395
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3 fixes the following issues:\n\n - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).\n - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).\n - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).\n - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).\n - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).\n - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).\n - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).\n - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-395",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20373-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20373-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620373-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20373-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024318.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256830",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "self",
"summary": "SUSE Bug 1256834",
"url": "https://bugzilla.suse.com/1256834"
},
{
"category": "self",
"summary": "SUSE Bug 1256835",
"url": "https://bugzilla.suse.com/1256835"
},
{
"category": "self",
"summary": "SUSE Bug 1256836",
"url": "https://bugzilla.suse.com/1256836"
},
{
"category": "self",
"summary": "SUSE Bug 1256837",
"url": "https://bugzilla.suse.com/1256837"
},
{
"category": "self",
"summary": "SUSE Bug 1256838",
"url": "https://bugzilla.suse.com/1256838"
},
{
"category": "self",
"summary": "SUSE Bug 1256839",
"url": "https://bugzilla.suse.com/1256839"
},
{
"category": "self",
"summary": "SUSE Bug 1256840",
"url": "https://bugzilla.suse.com/1256840"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69418 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-69421 page",
"url": "https://www.suse.com/security/cve/CVE-2025-69421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22796 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22796/"
}
],
"title": "Security update for openssl-3",
"tracking": {
"current_release_date": "2026-02-16T08:54:36Z",
"generator": {
"date": "2026-02-16T08:54:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20373-1",
"initial_release_date": "2026-02-16T08:54:36Z",
"revision_history": [
{
"date": "2026-02-16T08:54:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"product_id": "libopenssl3-3.1.4-slfo.1.1_8.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"product_id": "openssl-3-3.1.4-slfo.1.1_8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"product_id": "libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"product_id": "openssl-3-3.1.4-slfo.1.1_8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"product_id": "libopenssl3-3.1.4-slfo.1.1_8.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"product_id": "openssl-3-3.1.4-slfo.1.1_8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"product": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"product": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"product_id": "libopenssl3-3.1.4-slfo.1.1_8.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.1.4-slfo.1.1_8.1.x86_64",
"product": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.x86_64",
"product_id": "openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64"
},
"product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.1.4-slfo.1.1_8.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64"
},
"product_reference": "libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.1.4-slfo.1.1_8.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
},
"product_reference": "openssl-3-3.1.4-slfo.1.1_8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-68160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68160"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68160",
"url": "https://www.suse.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "SUSE Bug 1256834 for CVE-2025-68160",
"url": "https://bugzilla.suse.com/1256834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69418"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69418",
"url": "https://www.suse.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "SUSE Bug 1256835 for CVE-2025-69418",
"url": "https://bugzilla.suse.com/1256835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69419"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69419",
"url": "https://www.suse.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "SUSE Bug 1256836 for CVE-2025-69419",
"url": "https://bugzilla.suse.com/1256836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69420"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69420",
"url": "https://www.suse.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "SUSE Bug 1256837 for CVE-2025-69420",
"url": "https://bugzilla.suse.com/1256837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-69421"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-69421",
"url": "https://www.suse.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "SUSE Bug 1256838 for CVE-2025-69421",
"url": "https://bugzilla.suse.com/1256838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22795"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22795",
"url": "https://www.suse.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "SUSE Bug 1256839 for CVE-2026-22795",
"url": "https://bugzilla.suse.com/1256839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22796"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22796",
"url": "https://www.suse.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "SUSE Bug 1256840 for CVE-2026-22796",
"url": "https://bugzilla.suse.com/1256840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_8.1.x86_64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.aarch64",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.ppc64le",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.s390x",
"SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-16T08:54:36Z",
"details": "moderate"
}
],
"title": "CVE-2026-22796"
}
]
}
SUSE-SU-2026:20542-1
Vulnerability from csaf_suse - Published: 2026-02-18 16:23 - Updated: 2026-02-18 16:23Summary
Security update for openssl-3-livepatches
Severity
Critical
Notes
Title of the patch: Security update for openssl-3-livepatches
Description of the patch: This update for openssl-3-livepatches fixes the following issues:
- CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).
- CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK Unwrap (bsc#1250410).
Patchnames: SUSE-SL-Micro-6.2-298
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3-livepatches",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3-livepatches fixes the following issues:\n\n- CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).\n- CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).\n- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).\n- CVE-2025-9230: Fixed out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap (bsc#1250410).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-298",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20542-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20542-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620542-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20542-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024594.html"
},
{
"category": "self",
"summary": "SUSE Bug 1250410",
"url": "https://bugzilla.suse.com/1250410"
},
{
"category": "self",
"summary": "SUSE Bug 1256876",
"url": "https://bugzilla.suse.com/1256876"
},
{
"category": "self",
"summary": "SUSE Bug 1256878",
"url": "https://bugzilla.suse.com/1256878"
},
{
"category": "self",
"summary": "SUSE Bug 1256880",
"url": "https://bugzilla.suse.com/1256880"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9230/"
}
],
"title": "Security update for openssl-3-livepatches",
"tracking": {
"current_release_date": "2026-02-18T16:23:27Z",
"generator": {
"date": "2026-02-18T16:23:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20542-1",
"initial_release_date": "2026-02-18T16:23:27Z",
"revision_history": [
{
"date": "2026-02-18T16:23:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"product": {
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"product_id": "openssl-3-livepatches-0.3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"product": {
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"product_id": "openssl-3-livepatches-0.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le"
},
"product_reference": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
},
"product_reference": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11187"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11187",
"url": "https://www.suse.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "SUSE Bug 1256829 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "external",
"summary": "SUSE Bug 1256878 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "important"
}
],
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15468"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15468",
"url": "https://www.suse.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1256831 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "external",
"summary": "SUSE Bug 1256880 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "important"
}
],
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-9230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9230"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9230",
"url": "https://www.suse.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "SUSE Bug 1250232 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250232"
},
{
"category": "external",
"summary": "SUSE Bug 1250410 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "important"
}
],
"title": "CVE-2025-9230"
}
]
}
SUSE-SU-2026:20607-1
Vulnerability from csaf_suse - Published: 2026-02-18 16:23 - Updated: 2026-02-18 16:23Summary
Security update for openssl-3-livepatches
Severity
Critical
Notes
Title of the patch: Security update for openssl-3-livepatches
Description of the patch: This update for openssl-3-livepatches fixes the following issues:
- CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).
- CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK Unwrap (bsc#1250410).
Patchnames: SUSE-SLES-16.0-298
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3-livepatches",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3-livepatches fixes the following issues:\n\n- CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).\n- CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).\n- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).\n- CVE-2025-9230: Fixed out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap (bsc#1250410).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-298",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20607-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20607-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620607-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20607-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024609.html"
},
{
"category": "self",
"summary": "SUSE Bug 1250410",
"url": "https://bugzilla.suse.com/1250410"
},
{
"category": "self",
"summary": "SUSE Bug 1256876",
"url": "https://bugzilla.suse.com/1256876"
},
{
"category": "self",
"summary": "SUSE Bug 1256878",
"url": "https://bugzilla.suse.com/1256878"
},
{
"category": "self",
"summary": "SUSE Bug 1256880",
"url": "https://bugzilla.suse.com/1256880"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9230/"
}
],
"title": "Security update for openssl-3-livepatches",
"tracking": {
"current_release_date": "2026-02-18T16:23:27Z",
"generator": {
"date": "2026-02-18T16:23:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20607-1",
"initial_release_date": "2026-02-18T16:23:27Z",
"revision_history": [
{
"date": "2026-02-18T16:23:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"product": {
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"product_id": "openssl-3-livepatches-0.3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"product": {
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"product_id": "openssl-3-livepatches-0.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le"
},
"product_reference": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
},
"product_reference": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le"
},
"product_reference": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-livepatches-0.3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
},
"product_reference": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11187"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11187",
"url": "https://www.suse.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "SUSE Bug 1256829 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "external",
"summary": "SUSE Bug 1256878 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "important"
}
],
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15468"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15468",
"url": "https://www.suse.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1256831 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "external",
"summary": "SUSE Bug 1256880 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "important"
}
],
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-9230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9230"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9230",
"url": "https://www.suse.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "SUSE Bug 1250232 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250232"
},
{
"category": "external",
"summary": "SUSE Bug 1250410 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T16:23:27Z",
"details": "important"
}
],
"title": "CVE-2025-9230"
}
]
}
SUSE-SU-2026:21544-1
Vulnerability from csaf_suse - Published: 2026-05-05 00:19 - Updated: 2026-05-05 00:19Summary
Security update for openssl-3-x86_64-v3-livepatches
Severity
Critical
Notes
Title of the patch: Security update for openssl-3-x86_64-v3-livepatches
Description of the patch: This update for openssl-3-x86_64-v3-livepatches fixes the following issues:
Changes in openssl-3-x86_64-v3-livepatches:
- Add package for libopenssl3-x86-64-v3-3.5.0 (bsc#1259271).
Fixed:
- CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).
- CVE-2025-15467: Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
- CVE-2025-9230: Fixed Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) (bsc#1250410).
Patchnames: SUSE-SLES-16.0-675
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-3-x86_64-v3-livepatches",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-3-x86_64-v3-livepatches fixes the following issues:\n\nChanges in openssl-3-x86_64-v3-livepatches:\n\n- Add package for libopenssl3-x86-64-v3-3.5.0 (bsc#1259271).\n\nFixed:\n\n- CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).\n- CVE-2025-15467: Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).\n- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).\n- CVE-2025-9230: Fixed Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap (CVE-2025-9230) (bsc#1250410).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-675",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21544-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21544-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621544-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21544-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025974.html"
},
{
"category": "self",
"summary": "SUSE Bug 1250410",
"url": "https://bugzilla.suse.com/1250410"
},
{
"category": "self",
"summary": "SUSE Bug 1256876",
"url": "https://bugzilla.suse.com/1256876"
},
{
"category": "self",
"summary": "SUSE Bug 1256878",
"url": "https://bugzilla.suse.com/1256878"
},
{
"category": "self",
"summary": "SUSE Bug 1256880",
"url": "https://bugzilla.suse.com/1256880"
},
{
"category": "self",
"summary": "SUSE Bug 1259271",
"url": "https://bugzilla.suse.com/1259271"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-15468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-15468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9230/"
}
],
"title": "Security update for openssl-3-x86_64-v3-livepatches",
"tracking": {
"current_release_date": "2026-05-05T00:19:27Z",
"generator": {
"date": "2026-05-05T00:19:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21544-1",
"initial_release_date": "2026-05-05T00:19:27Z",
"revision_history": [
{
"date": "2026-05-05T00:19:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"product": {
"name": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"product_id": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
},
"product_reference": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
},
"product_reference": "openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11187"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11187",
"url": "https://www.suse.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "SUSE Bug 1256829 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256829"
},
{
"category": "external",
"summary": "SUSE Bug 1256878 for CVE-2025-11187",
"url": "https://bugzilla.suse.com/1256878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T00:19:27Z",
"details": "important"
}
],
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15467"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15467",
"url": "https://www.suse.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "SUSE Bug 1256830 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256830"
},
{
"category": "external",
"summary": "SUSE Bug 1256876 for CVE-2025-15467",
"url": "https://bugzilla.suse.com/1256876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T00:19:27Z",
"details": "critical"
}
],
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-15468"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-15468",
"url": "https://www.suse.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "SUSE Bug 1256831 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256831"
},
{
"category": "external",
"summary": "SUSE Bug 1256880 for CVE-2025-15468",
"url": "https://bugzilla.suse.com/1256880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T00:19:27Z",
"details": "important"
}
],
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-9230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9230"
}
],
"notes": [
{
"category": "general",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9230",
"url": "https://www.suse.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "SUSE Bug 1250232 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250232"
},
{
"category": "external",
"summary": "SUSE Bug 1250410 for CVE-2025-9230",
"url": "https://bugzilla.suse.com/1250410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:openssl-3-x86_64-v3-livepatches-0.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T00:19:27Z",
"details": "important"
}
],
"title": "CVE-2025-9230"
}
]
}
VDE-2026-023
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2026-04-22 08:00 - Updated: 2026-04-22 08:00Summary
Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL
Severity
High
Notes
Summary: Attacks are possible when installing key files and digitally signed objects. These attacks can only be carried out if these files are uploaded and installed by a logged-in user with high privileges.
Impact: A successful attack using manipulated firmware or key files (PKCS#12) can lead to the execution of malicious code. This can jeopardize confidentiality, integrity and availability.
Mitigation: Phoenix Contact strongly recommends to upload firmware or key files (PKCS#12) only from trusted source and to thorougly check the SHA256 checksum of the files to be uploaded.
Remediation: Phoenix Contact strongly recommends to upgrade affected devices to the fixed firmware as soon as it gets avaliable.
| Article family | Versionsnummer des Fix | Fix available | Planned release date |
|:----------------------------------------------------------------|:---------------------------|:----------------|:-----------------------|
| CHARX control modular SEC-3XXX | 1.9.0 | yes | |
| PLCnext Control | 2024.0.17 | yes | |
| PLCnext Control AXC F 2000 EA | 2026.0.0 | yes | |
| Energy AXC PU | V04.27.00.00 | no | 2026-08-31 |
| SMART RTU AXC SG | V01.11.00.00 | no | 2026-09-30 |
| SMART RTU AXC IG | V01.04.00.00 | no | 2026-12-31 |
| ILC 2250, CATAN C1 | Emalytics-1.12.3 | no | 2026-05-31 |
| ILC 2050 | Emalytics-1.12.4 | no | 2026-09-30 |
| FL MGUARD 2xxx, 4xxx | 10.6.1 | yes | |
| FL SWITCH 2xxx, FL NAT 2xxx, FL SWITCH TSN 23xx, FL SWITCH 59xx | 3.57 | no | 2026-06-29 |
| FL WLAN 1xxx, FL WLAN 23xx | 26.06.00 | no | 2026-06-29 |
| TC ROUTER 2xxx, 3xxx, TC CLOUD CLIENT 1002-4G | 3.8.9 | yes | |
| TC ROUTER 5004T-5G EU | 1.6.24 | yes | |
| CLOUD CLIENT 1101-TX/TX, TC CLOUD CLIENT 1002-TX/TX | 3.7.8 | yes | |
| TC ROUTER 4xxx | 5.0.72.102 | no | 2026-04-30 |
| FL TIMESERVER NTP | 5.0.71.101 | no | 2026-08-31 |
| CELLULINK x401-4G | 2025.6.3 | yes | |
General Recommendation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
Product Description: Phoenix Contact industrial routers, acess points and switches, security appliances, charge controllers and SPS controllers.
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
9.8 (Critical)
8.8 (High)
Mitigation
Phoenix Contact strongly recommends to upload firmware only from trusted source and to thorougly check the SHA256 checksum of the firmware image to be uploaded.
Vendor Fix
Phoenix Contact strongly recommends to upgrade the fixed firmware.
None Available
Phoenix Contact strongly recommends to upgrade the fixed firmware as soon as it gets avaliable.
Affected products
First affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenSSL 3.0.0
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
|
3.0.0 |
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — | ||
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32127 | — | ||
| Unresolved product id: CSAFPID-32128 | — | ||
| Unresolved product id: CSAFPID-32129 | — | ||
| Unresolved product id: CSAFPID-32130 | — | ||
| Unresolved product id: CSAFPID-32131 | — | ||
| Unresolved product id: CSAFPID-32132 | — | ||
| Unresolved product id: CSAFPID-32133 | — | ||
| Unresolved product id: CSAFPID-32134 | — | ||
| Unresolved product id: CSAFPID-32135 | — | ||
| Unresolved product id: CSAFPID-32136 | — | ||
| Unresolved product id: CSAFPID-32137 | — | ||
| Unresolved product id: CSAFPID-32138 | — | ||
| Unresolved product id: CSAFPID-32139 | — | ||
| Unresolved product id: CSAFPID-32144 | — | ||
| Unresolved product id: CSAFPID-32145 | — | ||
| Unresolved product id: CSAFPID-32146 | — | ||
| Unresolved product id: CSAFPID-32147 | — | ||
|
OpenSSL 3.0.19
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.14:-:*:*:*:*:*:*
|
— |
Known affected
145 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — | ||
| Unresolved product id: CSAFPID-31033 | — | ||
| Unresolved product id: CSAFPID-31034 | — | ||
| Unresolved product id: CSAFPID-31035 | — | ||
| Unresolved product id: CSAFPID-31036 | — | ||
| Unresolved product id: CSAFPID-31037 | — | ||
| Unresolved product id: CSAFPID-31038 | — | ||
| Unresolved product id: CSAFPID-31039 | — | ||
| Unresolved product id: CSAFPID-31040 | — | ||
| Unresolved product id: CSAFPID-31041 | — | ||
| Unresolved product id: CSAFPID-31042 | — | ||
| Unresolved product id: CSAFPID-31043 | — | ||
| Unresolved product id: CSAFPID-31044 | — | ||
| Unresolved product id: CSAFPID-31045 | — | ||
| Unresolved product id: CSAFPID-31046 | — | ||
| Unresolved product id: CSAFPID-31047 | — | ||
| Unresolved product id: CSAFPID-31048 | — | ||
| Unresolved product id: CSAFPID-31049 | — | ||
| Unresolved product id: CSAFPID-31050 | — | ||
| Unresolved product id: CSAFPID-31051 | — | ||
| Unresolved product id: CSAFPID-31052 | — | ||
| Unresolved product id: CSAFPID-31053 | — | ||
| Unresolved product id: CSAFPID-31054 | — | ||
| Unresolved product id: CSAFPID-31055 | — | ||
| Unresolved product id: CSAFPID-31056 | — | ||
| Unresolved product id: CSAFPID-31057 | — | ||
| Unresolved product id: CSAFPID-31058 | — | ||
| Unresolved product id: CSAFPID-31059 | — | ||
| Unresolved product id: CSAFPID-31060 | — | ||
| Unresolved product id: CSAFPID-31061 | — | ||
| Unresolved product id: CSAFPID-31062 | — | ||
| Unresolved product id: CSAFPID-31063 | — | ||
| Unresolved product id: CSAFPID-31064 | — | ||
| Unresolved product id: CSAFPID-31065 | — | ||
| Unresolved product id: CSAFPID-31066 | — | ||
| Unresolved product id: CSAFPID-31067 | — | ||
| Unresolved product id: CSAFPID-31068 | — | ||
| Unresolved product id: CSAFPID-31069 | — | ||
| Unresolved product id: CSAFPID-31070 | — | ||
| Unresolved product id: CSAFPID-31071 | — | ||
| Unresolved product id: CSAFPID-31072 | — | ||
| Unresolved product id: CSAFPID-31073 | — | ||
| Unresolved product id: CSAFPID-31074 | — | ||
| Unresolved product id: CSAFPID-31075 | — | ||
| Unresolved product id: CSAFPID-31076 | — | ||
| Unresolved product id: CSAFPID-31077 | — | ||
| Unresolved product id: CSAFPID-31078 | — | ||
| Unresolved product id: CSAFPID-31079 | — | ||
| Unresolved product id: CSAFPID-31080 | — | ||
| Unresolved product id: CSAFPID-31081 | — | ||
| Unresolved product id: CSAFPID-31082 | — | ||
| Unresolved product id: CSAFPID-31083 | — | ||
| Unresolved product id: CSAFPID-31084 | — | ||
| Unresolved product id: CSAFPID-31085 | — | ||
| Unresolved product id: CSAFPID-31086 | — | ||
| Unresolved product id: CSAFPID-31087 | — | ||
| Unresolved product id: CSAFPID-31088 | — | ||
| Unresolved product id: CSAFPID-31089 | — | ||
| Unresolved product id: CSAFPID-31090 | — | ||
| Unresolved product id: CSAFPID-31091 | — | ||
| Unresolved product id: CSAFPID-31092 | — | ||
| Unresolved product id: CSAFPID-31093 | — | ||
| Unresolved product id: CSAFPID-31094 | — | ||
| Unresolved product id: CSAFPID-31095 | — | ||
| Unresolved product id: CSAFPID-31096 | — | ||
| Unresolved product id: CSAFPID-31097 | — | ||
| Unresolved product id: CSAFPID-31098 | — | ||
| Unresolved product id: CSAFPID-31099 | — | ||
| Unresolved product id: CSAFPID-31100 | — | ||
| Unresolved product id: CSAFPID-31101 | — | ||
| Unresolved product id: CSAFPID-31102 | — | ||
| Unresolved product id: CSAFPID-31103 | — | ||
| Unresolved product id: CSAFPID-31104 | — | ||
| Unresolved product id: CSAFPID-31105 | — | ||
| Unresolved product id: CSAFPID-31106 | — | ||
| Unresolved product id: CSAFPID-31107 | — | ||
| Unresolved product id: CSAFPID-31108 | — | ||
| Unresolved product id: CSAFPID-31109 | — | ||
| Unresolved product id: CSAFPID-31110 | — | ||
| Unresolved product id: CSAFPID-31111 | — | ||
| Unresolved product id: CSAFPID-31112 | — | ||
| Unresolved product id: CSAFPID-31113 | — | ||
| Unresolved product id: CSAFPID-31114 | — | ||
| Unresolved product id: CSAFPID-31115 | — | ||
| Unresolved product id: CSAFPID-31116 | — | ||
| Unresolved product id: CSAFPID-31117 | — | ||
| Unresolved product id: CSAFPID-31118 | — | ||
| Unresolved product id: CSAFPID-31119 | — | ||
| Unresolved product id: CSAFPID-31120 | — | ||
| Unresolved product id: CSAFPID-31121 | — | ||
| Unresolved product id: CSAFPID-31122 | — | ||
| Unresolved product id: CSAFPID-31123 | — | ||
| Unresolved product id: CSAFPID-31124 | — | ||
| Unresolved product id: CSAFPID-31125 | — | ||
| Unresolved product id: CSAFPID-31126 | — | ||
| Unresolved product id: CSAFPID-31127 | — | ||
| Unresolved product id: CSAFPID-31128 | — | ||
| Unresolved product id: CSAFPID-31129 | — | ||
| Unresolved product id: CSAFPID-31130 | — | ||
| Unresolved product id: CSAFPID-31131 | — | ||
| Unresolved product id: CSAFPID-31132 | — | ||
| Unresolved product id: CSAFPID-31133 | — | ||
| Unresolved product id: CSAFPID-31134 | — | ||
| Unresolved product id: CSAFPID-31135 | — | ||
| Unresolved product id: CSAFPID-31136 | — | ||
| Unresolved product id: CSAFPID-31137 | — | ||
| Unresolved product id: CSAFPID-31138 | — | ||
| Unresolved product id: CSAFPID-31139 | — | ||
| Unresolved product id: CSAFPID-31140 | — | ||
| Unresolved product id: CSAFPID-31141 | — | ||
| Unresolved product id: CSAFPID-31142 | — | ||
| Unresolved product id: CSAFPID-31143 | — | ||
| Unresolved product id: CSAFPID-31144 | — | ||
| Unresolved product id: CSAFPID-31145 | — | ||
| Unresolved product id: CSAFPID-31146 | — | ||
| Unresolved product id: CSAFPID-31147 | — | ||
|
OpenSSL 3.0.0
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
|
3.0.0 | |
|
OpenSSL 3.0.18
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.13:-:*:*:*:*:*:*
|
3.0.18 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenSSL 3.0.18
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.13:-:*:*:*:*:*:*
|
3.0.18 |
Under investigation
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-33018 | — | ||
| Unresolved product id: CSAFPID-33019 | — | ||
| Unresolved product id: CSAFPID-33020 | — | ||
| Unresolved product id: CSAFPID-33021 | — | ||
| Unresolved product id: CSAFPID-33022 | — | ||
| Unresolved product id: CSAFPID-33023 | — | ||
| Unresolved product id: CSAFPID-33024 | — | ||
| Unresolved product id: CSAFPID-33025 | — | ||
| Unresolved product id: CSAFPID-33040 | — | ||
| Unresolved product id: CSAFPID-33041 | — | ||
| Unresolved product id: CSAFPID-33042 | — | ||
| Unresolved product id: CSAFPID-33043 | — | ||
| Unresolved product id: CSAFPID-33044 | — | ||
| Unresolved product id: CSAFPID-33045 | — | ||
| Unresolved product id: CSAFPID-33046 | — | ||
| Unresolved product id: CSAFPID-33047 | — | ||
| Unresolved product id: CSAFPID-33048 | — | ||
| Unresolved product id: CSAFPID-33049 | — | ||
| Unresolved product id: CSAFPID-33050 | — | ||
| Unresolved product id: CSAFPID-33051 | — | ||
| Unresolved product id: CSAFPID-33052 | — | ||
| Unresolved product id: CSAFPID-33053 | — | ||
| Unresolved product id: CSAFPID-33054 | — | ||
| Unresolved product id: CSAFPID-33055 | — | ||
| Unresolved product id: CSAFPID-33056 | — | ||
| Unresolved product id: CSAFPID-33057 | — | ||
| Unresolved product id: CSAFPID-33058 | — | ||
| Unresolved product id: CSAFPID-33059 | — | ||
| Unresolved product id: CSAFPID-33060 | — | ||
| Unresolved product id: CSAFPID-33061 | — | ||
| Unresolved product id: CSAFPID-33062 | — | ||
| Unresolved product id: CSAFPID-33063 | — | ||
| Unresolved product id: CSAFPID-33064 | — | ||
| Unresolved product id: CSAFPID-33065 | — | ||
| Unresolved product id: CSAFPID-33066 | — | ||
| Unresolved product id: CSAFPID-33067 | — | ||
| Unresolved product id: CSAFPID-33068 | — | ||
| Unresolved product id: CSAFPID-33069 | — | ||
| Unresolved product id: CSAFPID-33070 | — | ||
| Unresolved product id: CSAFPID-33071 | — | ||
| Unresolved product id: CSAFPID-33072 | — | ||
| Unresolved product id: CSAFPID-33073 | — | ||
| Unresolved product id: CSAFPID-33074 | — | ||
| Unresolved product id: CSAFPID-33075 | — | ||
| Unresolved product id: CSAFPID-33076 | — | ||
| Unresolved product id: CSAFPID-33077 | — | ||
| Unresolved product id: CSAFPID-33078 | — | ||
| Unresolved product id: CSAFPID-33079 | — | ||
| Unresolved product id: CSAFPID-33080 | — | ||
| Unresolved product id: CSAFPID-33081 | — | ||
| Unresolved product id: CSAFPID-33082 | — | ||
| Unresolved product id: CSAFPID-33083 | — | ||
| Unresolved product id: CSAFPID-33084 | — | ||
| Unresolved product id: CSAFPID-33085 | — | ||
| Unresolved product id: CSAFPID-33086 | — | ||
| Unresolved product id: CSAFPID-33087 | — | ||
| Unresolved product id: CSAFPID-33088 | — | ||
| Unresolved product id: CSAFPID-33089 | — | ||
| Unresolved product id: CSAFPID-33090 | — | ||
| Unresolved product id: CSAFPID-33091 | — | ||
| Unresolved product id: CSAFPID-33092 | — | ||
| Unresolved product id: CSAFPID-33093 | — | ||
| Unresolved product id: CSAFPID-33094 | — | ||
| Unresolved product id: CSAFPID-33095 | — | ||
| Unresolved product id: CSAFPID-33096 | — | ||
| Unresolved product id: CSAFPID-33097 | — | ||
| Unresolved product id: CSAFPID-33098 | — | ||
| Unresolved product id: CSAFPID-33099 | — | ||
| Unresolved product id: CSAFPID-33100 | — | ||
| Unresolved product id: CSAFPID-33101 | — | ||
| Unresolved product id: CSAFPID-33102 | — | ||
| Unresolved product id: CSAFPID-33103 | — | ||
| Unresolved product id: CSAFPID-33104 | — | ||
| Unresolved product id: CSAFPID-33105 | — | ||
| Unresolved product id: CSAFPID-33106 | — | ||
| Unresolved product id: CSAFPID-33107 | — | ||
| Unresolved product id: CSAFPID-33108 | — | ||
| Unresolved product id: CSAFPID-33109 | — | ||
| Unresolved product id: CSAFPID-33110 | — | ||
| Unresolved product id: CSAFPID-33111 | — | ||
| Unresolved product id: CSAFPID-33112 | — | ||
| Unresolved product id: CSAFPID-33113 | — | ||
| Unresolved product id: CSAFPID-33114 | — | ||
| Unresolved product id: CSAFPID-33115 | — | ||
| Unresolved product id: CSAFPID-33116 | — | ||
| Unresolved product id: CSAFPID-33117 | — | ||
| Unresolved product id: CSAFPID-33118 | — | ||
| Unresolved product id: CSAFPID-33119 | — | ||
| Unresolved product id: CSAFPID-33120 | — | ||
| Unresolved product id: CSAFPID-33121 | — | ||
| Unresolved product id: CSAFPID-33122 | — | ||
| Unresolved product id: CSAFPID-33123 | — | ||
| Unresolved product id: CSAFPID-33124 | — | ||
| Unresolved product id: CSAFPID-33125 | — | ||
| Unresolved product id: CSAFPID-33126 | — | ||
| Unresolved product id: CSAFPID-33140 | — | ||
| Unresolved product id: CSAFPID-33141 | — | ||
| Unresolved product id: CSAFPID-33142 | — | ||
| Unresolved product id: CSAFPID-33143 | — |
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.
7.4 (High)
5.9 (Medium)
Mitigation
Phoenix Contact strongly recommends to upload firmware only from trusted source and to thorougly check the SHA256 checksum of the firmware image to be uploaded.
Vendor Fix
Phoenix Contact strongly recommends to upgrade the fixed firmware.
None Available
Phoenix Contact strongly recommends to upgrade the fixed firmware as soon as it gets avaliable.
Affected products
First affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenSSL 3.0.0
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
|
3.0.0 |
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — | ||
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32127 | — | ||
| Unresolved product id: CSAFPID-32128 | — | ||
| Unresolved product id: CSAFPID-32129 | — | ||
| Unresolved product id: CSAFPID-32130 | — | ||
| Unresolved product id: CSAFPID-32131 | — | ||
| Unresolved product id: CSAFPID-32132 | — | ||
| Unresolved product id: CSAFPID-32133 | — | ||
| Unresolved product id: CSAFPID-32134 | — | ||
| Unresolved product id: CSAFPID-32135 | — | ||
| Unresolved product id: CSAFPID-32136 | — | ||
| Unresolved product id: CSAFPID-32137 | — | ||
| Unresolved product id: CSAFPID-32138 | — | ||
| Unresolved product id: CSAFPID-32139 | — | ||
| Unresolved product id: CSAFPID-32144 | — | ||
| Unresolved product id: CSAFPID-32145 | — | ||
| Unresolved product id: CSAFPID-32146 | — | ||
| Unresolved product id: CSAFPID-32147 | — | ||
|
OpenSSL 3.0.19
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.14:-:*:*:*:*:*:*
|
— |
Known affected
111 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31040 | — | ||
| Unresolved product id: CSAFPID-31041 | — | ||
| Unresolved product id: CSAFPID-31042 | — | ||
| Unresolved product id: CSAFPID-31043 | — | ||
| Unresolved product id: CSAFPID-31044 | — | ||
| Unresolved product id: CSAFPID-31045 | — | ||
| Unresolved product id: CSAFPID-31046 | — | ||
| Unresolved product id: CSAFPID-31047 | — | ||
| Unresolved product id: CSAFPID-31048 | — | ||
| Unresolved product id: CSAFPID-31049 | — | ||
| Unresolved product id: CSAFPID-31050 | — | ||
| Unresolved product id: CSAFPID-31051 | — | ||
| Unresolved product id: CSAFPID-31052 | — | ||
| Unresolved product id: CSAFPID-31053 | — | ||
| Unresolved product id: CSAFPID-31054 | — | ||
| Unresolved product id: CSAFPID-31055 | — | ||
| Unresolved product id: CSAFPID-31056 | — | ||
| Unresolved product id: CSAFPID-31057 | — | ||
| Unresolved product id: CSAFPID-31058 | — | ||
| Unresolved product id: CSAFPID-31059 | — | ||
| Unresolved product id: CSAFPID-31060 | — | ||
| Unresolved product id: CSAFPID-31061 | — | ||
| Unresolved product id: CSAFPID-31062 | — | ||
| Unresolved product id: CSAFPID-31063 | — | ||
| Unresolved product id: CSAFPID-31064 | — | ||
| Unresolved product id: CSAFPID-31065 | — | ||
| Unresolved product id: CSAFPID-31066 | — | ||
| Unresolved product id: CSAFPID-31067 | — | ||
| Unresolved product id: CSAFPID-31068 | — | ||
| Unresolved product id: CSAFPID-31069 | — | ||
| Unresolved product id: CSAFPID-31070 | — | ||
| Unresolved product id: CSAFPID-31071 | — | ||
| Unresolved product id: CSAFPID-31072 | — | ||
| Unresolved product id: CSAFPID-31073 | — | ||
| Unresolved product id: CSAFPID-31074 | — | ||
| Unresolved product id: CSAFPID-31075 | — | ||
| Unresolved product id: CSAFPID-31076 | — | ||
| Unresolved product id: CSAFPID-31077 | — | ||
| Unresolved product id: CSAFPID-31078 | — | ||
| Unresolved product id: CSAFPID-31079 | — | ||
| Unresolved product id: CSAFPID-31080 | — | ||
| Unresolved product id: CSAFPID-31081 | — | ||
| Unresolved product id: CSAFPID-31082 | — | ||
| Unresolved product id: CSAFPID-31083 | — | ||
| Unresolved product id: CSAFPID-31084 | — | ||
| Unresolved product id: CSAFPID-31085 | — | ||
| Unresolved product id: CSAFPID-31086 | — | ||
| Unresolved product id: CSAFPID-31087 | — | ||
| Unresolved product id: CSAFPID-31088 | — | ||
| Unresolved product id: CSAFPID-31089 | — | ||
| Unresolved product id: CSAFPID-31090 | — | ||
| Unresolved product id: CSAFPID-31091 | — | ||
| Unresolved product id: CSAFPID-31092 | — | ||
| Unresolved product id: CSAFPID-31093 | — | ||
| Unresolved product id: CSAFPID-31094 | — | ||
| Unresolved product id: CSAFPID-31095 | — | ||
| Unresolved product id: CSAFPID-31096 | — | ||
| Unresolved product id: CSAFPID-31097 | — | ||
| Unresolved product id: CSAFPID-31098 | — | ||
| Unresolved product id: CSAFPID-31099 | — | ||
| Unresolved product id: CSAFPID-31100 | — | ||
| Unresolved product id: CSAFPID-31101 | — | ||
| Unresolved product id: CSAFPID-31102 | — | ||
| Unresolved product id: CSAFPID-31103 | — | ||
| Unresolved product id: CSAFPID-31104 | — | ||
| Unresolved product id: CSAFPID-31105 | — | ||
| Unresolved product id: CSAFPID-31106 | — | ||
| Unresolved product id: CSAFPID-31107 | — | ||
| Unresolved product id: CSAFPID-31108 | — | ||
| Unresolved product id: CSAFPID-31109 | — | ||
| Unresolved product id: CSAFPID-31110 | — | ||
| Unresolved product id: CSAFPID-31111 | — | ||
| Unresolved product id: CSAFPID-31112 | — | ||
| Unresolved product id: CSAFPID-31113 | — | ||
| Unresolved product id: CSAFPID-31114 | — | ||
| Unresolved product id: CSAFPID-31115 | — | ||
| Unresolved product id: CSAFPID-31116 | — | ||
| Unresolved product id: CSAFPID-31117 | — | ||
| Unresolved product id: CSAFPID-31118 | — | ||
| Unresolved product id: CSAFPID-31119 | — | ||
| Unresolved product id: CSAFPID-31120 | — | ||
| Unresolved product id: CSAFPID-31121 | — | ||
| Unresolved product id: CSAFPID-31122 | — | ||
| Unresolved product id: CSAFPID-31127 | — | ||
| Unresolved product id: CSAFPID-31128 | — | ||
| Unresolved product id: CSAFPID-31129 | — | ||
| Unresolved product id: CSAFPID-31130 | — | ||
| Unresolved product id: CSAFPID-31131 | — | ||
| Unresolved product id: CSAFPID-31132 | — | ||
| Unresolved product id: CSAFPID-31133 | — | ||
| Unresolved product id: CSAFPID-31134 | — | ||
| Unresolved product id: CSAFPID-31135 | — | ||
| Unresolved product id: CSAFPID-31136 | — | ||
| Unresolved product id: CSAFPID-31137 | — | ||
| Unresolved product id: CSAFPID-31138 | — | ||
| Unresolved product id: CSAFPID-31139 | — | ||
| Unresolved product id: CSAFPID-31140 | — | ||
| Unresolved product id: CSAFPID-31141 | — | ||
| Unresolved product id: CSAFPID-31142 | — | ||
| Unresolved product id: CSAFPID-31143 | — | ||
|
OpenSSL 3.0.0
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
|
3.0.0 | |
|
OpenSSL 3.0.18
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.13:-:*:*:*:*:*:*
|
3.0.18 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenSSL 3.0.18
OpenSSL Software Foundation / OpenSSL
|
cpe:2.3:a:openssl:openssl:3.0.13:-:*:*:*:*:*:*
|
3.0.18 |
Under investigation
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-33018 | — | ||
| Unresolved product id: CSAFPID-33019 | — | ||
| Unresolved product id: CSAFPID-33020 | — | ||
| Unresolved product id: CSAFPID-33021 | — | ||
| Unresolved product id: CSAFPID-33022 | — | ||
| Unresolved product id: CSAFPID-33023 | — | ||
| Unresolved product id: CSAFPID-33024 | — | ||
| Unresolved product id: CSAFPID-33025 | — | ||
| Unresolved product id: CSAFPID-33040 | — | ||
| Unresolved product id: CSAFPID-33041 | — | ||
| Unresolved product id: CSAFPID-33042 | — | ||
| Unresolved product id: CSAFPID-33043 | — | ||
| Unresolved product id: CSAFPID-33044 | — | ||
| Unresolved product id: CSAFPID-33045 | — | ||
| Unresolved product id: CSAFPID-33046 | — | ||
| Unresolved product id: CSAFPID-33047 | — | ||
| Unresolved product id: CSAFPID-33048 | — | ||
| Unresolved product id: CSAFPID-33049 | — | ||
| Unresolved product id: CSAFPID-33050 | — | ||
| Unresolved product id: CSAFPID-33051 | — | ||
| Unresolved product id: CSAFPID-33052 | — | ||
| Unresolved product id: CSAFPID-33053 | — | ||
| Unresolved product id: CSAFPID-33054 | — | ||
| Unresolved product id: CSAFPID-33055 | — | ||
| Unresolved product id: CSAFPID-33056 | — | ||
| Unresolved product id: CSAFPID-33057 | — | ||
| Unresolved product id: CSAFPID-33058 | — | ||
| Unresolved product id: CSAFPID-33059 | — | ||
| Unresolved product id: CSAFPID-33060 | — | ||
| Unresolved product id: CSAFPID-33061 | — | ||
| Unresolved product id: CSAFPID-33062 | — | ||
| Unresolved product id: CSAFPID-33063 | — | ||
| Unresolved product id: CSAFPID-33064 | — | ||
| Unresolved product id: CSAFPID-33065 | — | ||
| Unresolved product id: CSAFPID-33066 | — | ||
| Unresolved product id: CSAFPID-33067 | — | ||
| Unresolved product id: CSAFPID-33068 | — | ||
| Unresolved product id: CSAFPID-33069 | — | ||
| Unresolved product id: CSAFPID-33070 | — | ||
| Unresolved product id: CSAFPID-33071 | — | ||
| Unresolved product id: CSAFPID-33072 | — | ||
| Unresolved product id: CSAFPID-33073 | — | ||
| Unresolved product id: CSAFPID-33074 | — | ||
| Unresolved product id: CSAFPID-33075 | — | ||
| Unresolved product id: CSAFPID-33076 | — | ||
| Unresolved product id: CSAFPID-33077 | — | ||
| Unresolved product id: CSAFPID-33078 | — | ||
| Unresolved product id: CSAFPID-33079 | — | ||
| Unresolved product id: CSAFPID-33080 | — | ||
| Unresolved product id: CSAFPID-33081 | — | ||
| Unresolved product id: CSAFPID-33082 | — | ||
| Unresolved product id: CSAFPID-33083 | — | ||
| Unresolved product id: CSAFPID-33084 | — | ||
| Unresolved product id: CSAFPID-33085 | — | ||
| Unresolved product id: CSAFPID-33086 | — | ||
| Unresolved product id: CSAFPID-33087 | — | ||
| Unresolved product id: CSAFPID-33088 | — | ||
| Unresolved product id: CSAFPID-33089 | — | ||
| Unresolved product id: CSAFPID-33090 | — | ||
| Unresolved product id: CSAFPID-33091 | — | ||
| Unresolved product id: CSAFPID-33092 | — | ||
| Unresolved product id: CSAFPID-33093 | — | ||
| Unresolved product id: CSAFPID-33094 | — | ||
| Unresolved product id: CSAFPID-33095 | — | ||
| Unresolved product id: CSAFPID-33096 | — | ||
| Unresolved product id: CSAFPID-33097 | — | ||
| Unresolved product id: CSAFPID-33098 | — | ||
| Unresolved product id: CSAFPID-33099 | — | ||
| Unresolved product id: CSAFPID-33100 | — | ||
| Unresolved product id: CSAFPID-33101 | — | ||
| Unresolved product id: CSAFPID-33102 | — | ||
| Unresolved product id: CSAFPID-33103 | — | ||
| Unresolved product id: CSAFPID-33104 | — | ||
| Unresolved product id: CSAFPID-33105 | — | ||
| Unresolved product id: CSAFPID-33106 | — | ||
| Unresolved product id: CSAFPID-33107 | — | ||
| Unresolved product id: CSAFPID-33108 | — | ||
| Unresolved product id: CSAFPID-33109 | — | ||
| Unresolved product id: CSAFPID-33110 | — | ||
| Unresolved product id: CSAFPID-33111 | — | ||
| Unresolved product id: CSAFPID-33112 | — | ||
| Unresolved product id: CSAFPID-33113 | — | ||
| Unresolved product id: CSAFPID-33114 | — | ||
| Unresolved product id: CSAFPID-33115 | — | ||
| Unresolved product id: CSAFPID-33116 | — | ||
| Unresolved product id: CSAFPID-33117 | — | ||
| Unresolved product id: CSAFPID-33118 | — | ||
| Unresolved product id: CSAFPID-33119 | — | ||
| Unresolved product id: CSAFPID-33120 | — | ||
| Unresolved product id: CSAFPID-33121 | — | ||
| Unresolved product id: CSAFPID-33122 | — | ||
| Unresolved product id: CSAFPID-33123 | — | ||
| Unresolved product id: CSAFPID-33124 | — | ||
| Unresolved product id: CSAFPID-33125 | — | ||
| Unresolved product id: CSAFPID-33126 | — | ||
| Unresolved product id: CSAFPID-33140 | — | ||
| Unresolved product id: CSAFPID-33141 | — | ||
| Unresolved product id: CSAFPID-33142 | — | ||
| Unresolved product id: CSAFPID-33143 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Attacks are possible when installing key files and digitally signed objects. These attacks can only be carried out if these files are uploaded and installed by a logged-in user with high privileges.",
"title": "Summary"
},
{
"category": "description",
"text": "A successful attack using manipulated firmware or key files (PKCS#12) can lead to the execution of malicious code. This can jeopardize confidentiality, integrity and availability.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends to upload firmware or key files (PKCS#12) only from trusted source and to thorougly check the SHA256 checksum of the files to be uploaded.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends to upgrade affected devices to the fixed firmware as soon as it gets avaliable.\n\n| Article family | Versionsnummer des Fix | Fix available | Planned release date |\n|:----------------------------------------------------------------|:---------------------------|:----------------|:-----------------------|\n| CHARX control modular SEC-3XXX | 1.9.0 | yes | |\n| PLCnext Control | 2024.0.17 | yes | |\n| PLCnext Control AXC F 2000 EA | 2026.0.0 | yes | |\n| Energy AXC PU | V04.27.00.00 | no | 2026-08-31 |\n| SMART RTU AXC SG | V01.11.00.00 | no | 2026-09-30 |\n| SMART RTU AXC IG | V01.04.00.00 | no | 2026-12-31 |\n| ILC 2250, CATAN C1 | Emalytics-1.12.3 | no | 2026-05-31 |\n| ILC 2050 | Emalytics-1.12.4 | no | 2026-09-30 |\n| FL MGUARD 2xxx, 4xxx | 10.6.1 | yes | |\n| FL SWITCH 2xxx, FL NAT 2xxx, FL SWITCH TSN 23xx, FL SWITCH 59xx | 3.57 | no | 2026-06-29 |\n| FL WLAN 1xxx, FL WLAN 23xx | 26.06.00 | no | 2026-06-29 |\n| TC ROUTER 2xxx, 3xxx, TC CLOUD CLIENT 1002-4G | 3.8.9 | yes | |\n| TC ROUTER 5004T-5G EU | 1.6.24 | yes | |\n| CLOUD CLIENT 1101-TX/TX, TC CLOUD CLIENT 1002-TX/TX | 3.7.8 | yes | |\n| TC ROUTER 4xxx | 5.0.72.102 | no | 2026-04-30 |\n| FL TIMESERVER NTP | 5.0.71.101 | no | 2026-08-31 |\n| CELLULINK x401-4G | 2025.6.3 | yes | |",
"title": "Remediation"
},
{
"category": "general",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
},
{
"category": "description",
"text": "Phoenix Contact industrial routers, acess points and switches, security appliances, charge controllers and SPS controllers.",
"title": "Product Description"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2026-00001",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact"
},
{
"category": "self",
"summary": "VDE-2026-023: Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-023"
},
{
"category": "self",
"summary": "VDE-2026-023: Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-023.json"
}
],
"title": "Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL",
"tracking": {
"aliases": [
"VDE-2026-023",
"PCSA-2026-00001"
],
"current_release_date": "2026-04-22T08:00:00.000Z",
"generator": {
"date": "2026-04-07T12:35:14.324Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-023",
"initial_release_date": "2026-04-22T08:00:00.000Z",
"revision_history": [
{
"date": "2026-04-22T08:00:00.000Z",
"number": "1.0.0",
"summary": "Initial release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CHARX SEC-3150",
"product": {
"name": "CHARX SEC-3150",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1138965"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3100",
"product": {
"name": "CHARX SEC-3100",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1139012"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3050",
"product": {
"name": "CHARX SEC-3050",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1139018"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3000",
"product": {
"name": "CHARX SEC-3000",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "GTC F 2172",
"product": {
"name": "GTC F 2172",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1079808"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "NFC 482S",
"product": {
"name": "NFC 482S",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"1050841"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072R",
"product": {
"name": "RFC 4072R",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2000 EA",
"product": {
"name": "AXC F 2000 EA",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"1551772"
]
}
}
},
{
"category": "product_name",
"name": "Energy AXC PU",
"product": {
"name": "Energy AXC PU",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
}
},
{
"category": "product_name",
"name": "SMART RTU AXC SG",
"product": {
"name": "SMART RTU AXC SG",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
}
},
{
"category": "product_name",
"name": "SMART RTU AXC IG",
"product": {
"name": "SMART RTU AXC IG",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
}
},
{
"category": "product_name",
"name": "ILC 2050 BI",
"product": {
"name": "ILC 2050 BI",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"2403160"
]
}
}
},
{
"category": "product_name",
"name": "ILC 2050 BI-L",
"product": {
"name": "ILC 2050 BI-L",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"2404671"
]
}
}
},
{
"category": "product_name",
"name": "ILC 2250 BI",
"product": {
"name": "ILC 2250 BI",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"1541303"
]
}
}
},
{
"category": "product_name",
"name": "ILC 2250 BI-L",
"product": {
"name": "ILC 2250 BI-L",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"1535543"
]
}
}
},
{
"category": "product_name",
"name": "CATAN C1 EN",
"product": {
"name": "CATAN C1 EN",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"1371432"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 2102",
"product": {
"name": "FL MGUARD 2102",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"1357828"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 2105",
"product": {
"name": "FL MGUARD 2105",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"1357850"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4302",
"product": {
"name": "FL MGUARD 4302",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"1357840"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4305",
"product": {
"name": "FL MGUARD 4305",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"1357875"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4102 PCIE",
"product": {
"name": "FL MGUARD 4102 PCIE",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"1357842"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4102 PCI",
"product": {
"name": "FL MGUARD 4102 PCI",
"product_id": "CSAFPID-11031",
"product_identification_helper": {
"model_numbers": [
"1441187"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4302/K1",
"product": {
"name": "FL MGUARD 4302/K1",
"product_id": "CSAFPID-11032",
"product_identification_helper": {
"model_numbers": [
"1488318"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4102 PCIE/K2",
"product": {
"name": "FL MGUARD 4102 PCIE/K2",
"product_id": "CSAFPID-11033",
"product_identification_helper": {
"model_numbers": [
"1427378"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4102 PCI/K2",
"product": {
"name": "FL MGUARD 4102 PCI/K2",
"product_id": "CSAFPID-11034",
"product_identification_helper": {
"model_numbers": [
"1488314"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4302/K2",
"product": {
"name": "FL MGUARD 4302/K2",
"product_id": "CSAFPID-11035",
"product_identification_helper": {
"model_numbers": [
"1427379"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4302/K3",
"product": {
"name": "FL MGUARD 4302/K3",
"product_id": "CSAFPID-11036",
"product_identification_helper": {
"model_numbers": [
"1488325"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4302/K4",
"product": {
"name": "FL MGUARD 4302/K4",
"product_id": "CSAFPID-11037",
"product_identification_helper": {
"model_numbers": [
"1488326"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4302/KX",
"product": {
"name": "FL MGUARD 4302/KX",
"product_id": "CSAFPID-11038",
"product_identification_helper": {
"model_numbers": [
"1696708"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 4305/KX",
"product": {
"name": "FL MGUARD 4305/KX",
"product_id": "CSAFPID-11039",
"product_identification_helper": {
"model_numbers": [
"1696779"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2005",
"product": {
"name": "FL SWITCH 2005",
"product_id": "CSAFPID-11040",
"product_identification_helper": {
"model_numbers": [
"2702323"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2008",
"product": {
"name": "FL SWITCH 2008",
"product_id": "CSAFPID-11041",
"product_identification_helper": {
"model_numbers": [
"2702324"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2008F",
"product": {
"name": "FL SWITCH 2008F",
"product_id": "CSAFPID-11042",
"product_identification_helper": {
"model_numbers": [
"1106707"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2016",
"product": {
"name": "FL SWITCH 2016",
"product_id": "CSAFPID-11043",
"product_identification_helper": {
"model_numbers": [
"2702903"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2105",
"product": {
"name": "FL SWITCH 2105",
"product_id": "CSAFPID-11044",
"product_identification_helper": {
"model_numbers": [
"2702665"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2108",
"product": {
"name": "FL SWITCH 2108",
"product_id": "CSAFPID-11045",
"product_identification_helper": {
"model_numbers": [
"2702666"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2116",
"product": {
"name": "FL SWITCH 2116",
"product_id": "CSAFPID-11046",
"product_identification_helper": {
"model_numbers": [
"2702908"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2204-2TC-2SFX",
"product": {
"name": "FL SWITCH 2204-2TC-2SFX",
"product_id": "CSAFPID-11047",
"product_identification_helper": {
"model_numbers": [
"2702334"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2205",
"product": {
"name": "FL SWITCH 2205",
"product_id": "CSAFPID-11048",
"product_identification_helper": {
"model_numbers": [
"2702326"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206-2FX",
"product": {
"name": "FL SWITCH 2206-2FX",
"product_id": "CSAFPID-11049",
"product_identification_helper": {
"model_numbers": [
"2702330"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206-2FX SM",
"product": {
"name": "FL SWITCH 2206-2FX SM",
"product_id": "CSAFPID-11050",
"product_identification_helper": {
"model_numbers": [
"2702331"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206-2FX SM ST",
"product": {
"name": "FL SWITCH 2206-2FX SM ST",
"product_id": "CSAFPID-11051",
"product_identification_helper": {
"model_numbers": [
"2702333"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206-2FX ST",
"product": {
"name": "FL SWITCH 2206-2FX ST",
"product_id": "CSAFPID-11052",
"product_identification_helper": {
"model_numbers": [
"2702332"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206-2SFX",
"product": {
"name": "FL SWITCH 2206-2SFX",
"product_id": "CSAFPID-11053",
"product_identification_helper": {
"model_numbers": [
"2702969"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206-2SFX PN",
"product": {
"name": "FL SWITCH 2206-2SFX PN",
"product_id": "CSAFPID-11054",
"product_identification_helper": {
"model_numbers": [
"1044028"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2206C-2FX",
"product": {
"name": "FL SWITCH 2206C-2FX",
"product_id": "CSAFPID-11055",
"product_identification_helper": {
"model_numbers": [
"1095628"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2207-FX",
"product": {
"name": "FL SWITCH 2207-FX",
"product_id": "CSAFPID-11056",
"product_identification_helper": {
"model_numbers": [
"2702328"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2207-FX SM",
"product": {
"name": "FL SWITCH 2207-FX SM",
"product_id": "CSAFPID-11057",
"product_identification_helper": {
"model_numbers": [
"2702329"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2208",
"product": {
"name": "FL SWITCH 2208",
"product_id": "CSAFPID-11058",
"product_identification_helper": {
"model_numbers": [
"2702327"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2208 PN",
"product": {
"name": "FL SWITCH 2208 PN",
"product_id": "CSAFPID-11059",
"product_identification_helper": {
"model_numbers": [
"1044024"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2208C",
"product": {
"name": "FL SWITCH 2208C",
"product_id": "CSAFPID-11060",
"product_identification_helper": {
"model_numbers": [
"1095627"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2212-2TC-2SFX",
"product": {
"name": "FL SWITCH 2212-2TC-2SFX",
"product_id": "CSAFPID-11061",
"product_identification_helper": {
"model_numbers": [
"2702907"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2214-2FX",
"product": {
"name": "FL SWITCH 2214-2FX",
"product_id": "CSAFPID-11062",
"product_identification_helper": {
"model_numbers": [
"2702905"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2214-2FX SM",
"product": {
"name": "FL SWITCH 2214-2FX SM",
"product_id": "CSAFPID-11063",
"product_identification_helper": {
"model_numbers": [
"2702906"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2214-2SFX",
"product": {
"name": "FL SWITCH 2214-2SFX",
"product_id": "CSAFPID-11064",
"product_identification_helper": {
"model_numbers": [
"1006188"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2214-2SFX PN",
"product": {
"name": "FL SWITCH 2214-2SFX PN",
"product_id": "CSAFPID-11065",
"product_identification_helper": {
"model_numbers": [
"1044030"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2216",
"product": {
"name": "FL SWITCH 2216",
"product_id": "CSAFPID-11066",
"product_identification_helper": {
"model_numbers": [
"2702904"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2216 PN",
"product": {
"name": "FL SWITCH 2216 PN",
"product_id": "CSAFPID-11067",
"product_identification_helper": {
"model_numbers": [
"1044029"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2303-8SP1",
"product": {
"name": "FL SWITCH 2303-8SP1",
"product_id": "CSAFPID-11068",
"product_identification_helper": {
"model_numbers": [
"1278397"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2304-2GC-2SFP",
"product": {
"name": "FL SWITCH 2304-2GC-2SFP",
"product_id": "CSAFPID-11069",
"product_identification_helper": {
"model_numbers": [
"2702653"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2306-2SFP",
"product": {
"name": "FL SWITCH 2306-2SFP",
"product_id": "CSAFPID-11070",
"product_identification_helper": {
"model_numbers": [
"2702970"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2306-2SFP PN",
"product": {
"name": "FL SWITCH 2306-2SFP PN",
"product_id": "CSAFPID-11071",
"product_identification_helper": {
"model_numbers": [
"1009222"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2308",
"product": {
"name": "FL SWITCH 2308",
"product_id": "CSAFPID-11072",
"product_identification_helper": {
"model_numbers": [
"2702652"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2308 PN",
"product": {
"name": "FL SWITCH 2308 PN",
"product_id": "CSAFPID-11073",
"product_identification_helper": {
"model_numbers": [
"1009220"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2312-2GC-2SFP",
"product": {
"name": "FL SWITCH 2312-2GC-2SFP",
"product_id": "CSAFPID-11074",
"product_identification_helper": {
"model_numbers": [
"2702910"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2314-2SFP",
"product": {
"name": "FL SWITCH 2314-2SFP",
"product_id": "CSAFPID-11075",
"product_identification_helper": {
"model_numbers": [
"1006191"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2314-2SFP PN",
"product": {
"name": "FL SWITCH 2314-2SFP PN",
"product_id": "CSAFPID-11076",
"product_identification_helper": {
"model_numbers": [
"1031683"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2316",
"product": {
"name": "FL SWITCH 2316",
"product_id": "CSAFPID-11077",
"product_identification_helper": {
"model_numbers": [
"2702909"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2316 PN",
"product": {
"name": "FL SWITCH 2316 PN",
"product_id": "CSAFPID-11078",
"product_identification_helper": {
"model_numbers": [
"1031673"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2316/K1",
"product": {
"name": "FL SWITCH 2316/K1",
"product_id": "CSAFPID-11079",
"product_identification_helper": {
"model_numbers": [
"1184084"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2404-2TC-2SFX",
"product": {
"name": "FL SWITCH 2404-2TC-2SFX",
"product_id": "CSAFPID-11080",
"product_identification_helper": {
"model_numbers": [
"1088853"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2406-2SFX",
"product": {
"name": "FL SWITCH 2406-2SFX",
"product_id": "CSAFPID-11081",
"product_identification_helper": {
"model_numbers": [
"1043414"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2406-2SFX PN",
"product": {
"name": "FL SWITCH 2406-2SFX PN",
"product_id": "CSAFPID-11082",
"product_identification_helper": {
"model_numbers": [
"1089126"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2408",
"product": {
"name": "FL SWITCH 2408",
"product_id": "CSAFPID-11083",
"product_identification_helper": {
"model_numbers": [
"1043412"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2408 PN",
"product": {
"name": "FL SWITCH 2408 PN",
"product_id": "CSAFPID-11084",
"product_identification_helper": {
"model_numbers": [
"1089133"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2412-2TC-2SFX",
"product": {
"name": "FL SWITCH 2412-2TC-2SFX",
"product_id": "CSAFPID-11085",
"product_identification_helper": {
"model_numbers": [
"1088875"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2414-2SFX",
"product": {
"name": "FL SWITCH 2414-2SFX",
"product_id": "CSAFPID-11086",
"product_identification_helper": {
"model_numbers": [
"1043423"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2414-2SFX PN",
"product": {
"name": "FL SWITCH 2414-2SFX PN",
"product_id": "CSAFPID-11087",
"product_identification_helper": {
"model_numbers": [
"1089139"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2416",
"product": {
"name": "FL SWITCH 2416",
"product_id": "CSAFPID-11088",
"product_identification_helper": {
"model_numbers": [
"1043416"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2416 PN",
"product": {
"name": "FL SWITCH 2416 PN",
"product_id": "CSAFPID-11089",
"product_identification_helper": {
"model_numbers": [
"1089150"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2504-2GC-2SFP",
"product": {
"name": "FL SWITCH 2504-2GC-2SFP",
"product_id": "CSAFPID-11090",
"product_identification_helper": {
"model_numbers": [
"1088872"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2506-2SFP",
"product": {
"name": "FL SWITCH 2506-2SFP",
"product_id": "CSAFPID-11091",
"product_identification_helper": {
"model_numbers": [
"1043491"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2506-2SFP PN",
"product": {
"name": "FL SWITCH 2506-2SFP PN",
"product_id": "CSAFPID-11092",
"product_identification_helper": {
"model_numbers": [
"1089135"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2506-2SFP/K1",
"product": {
"name": "FL SWITCH 2506-2SFP/K1",
"product_id": "CSAFPID-11093",
"product_identification_helper": {
"model_numbers": [
"1215329"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2508",
"product": {
"name": "FL SWITCH 2508",
"product_id": "CSAFPID-11094",
"product_identification_helper": {
"model_numbers": [
"1043484"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2508 PN",
"product": {
"name": "FL SWITCH 2508 PN",
"product_id": "CSAFPID-11095",
"product_identification_helper": {
"model_numbers": [
"1089134"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2508/K1",
"product": {
"name": "FL SWITCH 2508/K1",
"product_id": "CSAFPID-11096",
"product_identification_helper": {
"model_numbers": [
"1215350"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2512-2GC-2SFP",
"product": {
"name": "FL SWITCH 2512-2GC-2SFP",
"product_id": "CSAFPID-11097",
"product_identification_helper": {
"model_numbers": [
"1088856"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2514-2SFP",
"product": {
"name": "FL SWITCH 2514-2SFP",
"product_id": "CSAFPID-11098",
"product_identification_helper": {
"model_numbers": [
"1043499"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2514-2SFP PN",
"product": {
"name": "FL SWITCH 2514-2SFP PN",
"product_id": "CSAFPID-11099",
"product_identification_helper": {
"model_numbers": [
"1089154"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2516",
"product": {
"name": "FL SWITCH 2516",
"product_id": "CSAFPID-11100",
"product_identification_helper": {
"model_numbers": [
"1043496"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2516 PN",
"product": {
"name": "FL SWITCH 2516 PN",
"product_id": "CSAFPID-11101",
"product_identification_helper": {
"model_numbers": [
"1089205"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2608",
"product": {
"name": "FL SWITCH 2608",
"product_id": "CSAFPID-11102",
"product_identification_helper": {
"model_numbers": [
"1106500"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2608 PN",
"product": {
"name": "FL SWITCH 2608 PN",
"product_id": "CSAFPID-11103",
"product_identification_helper": {
"model_numbers": [
"1106616"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2708",
"product": {
"name": "FL SWITCH 2708",
"product_id": "CSAFPID-11104",
"product_identification_helper": {
"model_numbers": [
"1106615"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 2708 PN",
"product": {
"name": "FL SWITCH 2708 PN",
"product_id": "CSAFPID-11105",
"product_identification_helper": {
"model_numbers": [
"1106610"
]
}
}
},
{
"category": "product_name",
"name": "FL NAT 2008",
"product": {
"name": "FL NAT 2008",
"product_id": "CSAFPID-11106",
"product_identification_helper": {
"model_numbers": [
"2702881"
]
}
}
},
{
"category": "product_name",
"name": "FL NAT 2208",
"product": {
"name": "FL NAT 2208",
"product_id": "CSAFPID-11107",
"product_identification_helper": {
"model_numbers": [
"2702882"
]
}
}
},
{
"category": "product_name",
"name": "FL NAT 2304-2GC-2SFP",
"product": {
"name": "FL NAT 2304-2GC-2SFP",
"product_id": "CSAFPID-11108",
"product_identification_helper": {
"model_numbers": [
"2702981"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH TSN 2316",
"product": {
"name": "FL SWITCH TSN 2316",
"product_id": "CSAFPID-11109",
"product_identification_helper": {
"model_numbers": [
"1232304"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH TSN 2312-2GC-2SFP",
"product": {
"name": "FL SWITCH TSN 2312-2GC-2SFP",
"product_id": "CSAFPID-11110",
"product_identification_helper": {
"model_numbers": [
"1232305"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH TSN 2314-2SFP",
"product": {
"name": "FL SWITCH TSN 2314-2SFP",
"product_id": "CSAFPID-11111",
"product_identification_helper": {
"model_numbers": [
"1232302"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 5924-4GC",
"product": {
"name": "FL SWITCH 5924-4GC",
"product_id": "CSAFPID-11112",
"product_identification_helper": {
"model_numbers": [
"1525945"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 5916-8GC-4SFP+",
"product": {
"name": "FL SWITCH 5916-8GC-4SFP+",
"product_id": "CSAFPID-11113",
"product_identification_helper": {
"model_numbers": [
"1525942"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 5924SFP-4GC",
"product": {
"name": "FL SWITCH 5924SFP-4GC",
"product_id": "CSAFPID-11114",
"product_identification_helper": {
"model_numbers": [
"1525944"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 5924-4SFP+",
"product": {
"name": "FL SWITCH 5924-4SFP+",
"product_id": "CSAFPID-11115",
"product_identification_helper": {
"model_numbers": [
"1525939"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 5916SFP-8GC-4SFP+",
"product": {
"name": "FL SWITCH 5916SFP-8GC-4SFP+",
"product_id": "CSAFPID-11116",
"product_identification_helper": {
"model_numbers": [
"1525943"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1020",
"product": {
"name": "FL WLAN 1020",
"product_id": "CSAFPID-11117",
"product_identification_helper": {
"model_numbers": [
"2702992"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1120",
"product": {
"name": "FL WLAN 1120",
"product_id": "CSAFPID-11118",
"product_identification_helper": {
"model_numbers": [
"1386091"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1022",
"product": {
"name": "FL WLAN 1022",
"product_id": "CSAFPID-11119",
"product_identification_helper": {
"model_numbers": [
"1752493"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1122",
"product": {
"name": "FL WLAN 1122",
"product_id": "CSAFPID-11120",
"product_identification_helper": {
"model_numbers": [
"1752496"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1121",
"product": {
"name": "FL WLAN 1121",
"product_id": "CSAFPID-11121",
"product_identification_helper": {
"model_numbers": [
"1386092"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 1021",
"product": {
"name": "FL WLAN 1021",
"product_id": "CSAFPID-11122",
"product_identification_helper": {
"model_numbers": [
"2702993"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2331",
"product": {
"name": "FL WLAN 2331",
"product_id": "CSAFPID-11123",
"product_identification_helper": {
"model_numbers": [
"1360276"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2341",
"product": {
"name": "FL WLAN 2341",
"product_id": "CSAFPID-11124",
"product_identification_helper": {
"model_numbers": [
"1510249"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2330",
"product": {
"name": "FL WLAN 2330",
"product_id": "CSAFPID-11125",
"product_identification_helper": {
"model_numbers": [
"1360275"
]
}
}
},
{
"category": "product_name",
"name": "FL WLAN 2340",
"product": {
"name": "FL WLAN 2340",
"product_id": "CSAFPID-11126",
"product_identification_helper": {
"model_numbers": [
"1510147"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 3002T-4G",
"product": {
"name": "TC ROUTER 3002T-4G",
"product_id": "CSAFPID-11127",
"product_identification_helper": {
"model_numbers": [
"2702528"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 3002T-4G GL",
"product": {
"name": "TC ROUTER 3002T-4G GL",
"product_id": "CSAFPID-11128",
"product_identification_helper": {
"model_numbers": [
"1632697"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 5004T-5G EU",
"product": {
"name": "TC ROUTER 5004T-5G EU",
"product_id": "CSAFPID-11129",
"product_identification_helper": {
"model_numbers": [
"1439475"
]
}
}
},
{
"category": "product_name",
"name": "CLOUD CLIENT 1101T-TX/TX",
"product": {
"name": "CLOUD CLIENT 1101T-TX/TX",
"product_id": "CSAFPID-11130",
"product_identification_helper": {
"model_numbers": [
"1221706"
]
}
}
},
{
"category": "product_name",
"name": "TC CLOUD CLIENT 1002-TX/TX",
"product": {
"name": "TC CLOUD CLIENT 1002-TX/TX",
"product_id": "CSAFPID-11131",
"product_identification_helper": {
"model_numbers": [
"2702885"
]
}
}
},
{
"category": "product_name",
"name": "TC CLOUD CLIENT 1002-4G",
"product": {
"name": "TC CLOUD CLIENT 1002-4G",
"product_id": "CSAFPID-11132",
"product_identification_helper": {
"model_numbers": [
"2702886"
]
}
}
},
{
"category": "product_name",
"name": "TC CLOUD CLIENT 1002-4G VZW",
"product": {
"name": "TC CLOUD CLIENT 1002-4G VZW",
"product_id": "CSAFPID-11133",
"product_identification_helper": {
"model_numbers": [
"2702887"
]
}
}
},
{
"category": "product_name",
"name": "TC CLOUD CLIENT 1002-4G ATT",
"product": {
"name": "TC CLOUD CLIENT 1002-4G ATT",
"product_id": "CSAFPID-11134",
"product_identification_helper": {
"model_numbers": [
"2702888"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 2002T-4G",
"product": {
"name": "TC ROUTER 2002T-4G",
"product_id": "CSAFPID-11135",
"product_identification_helper": {
"model_numbers": [
"2702530"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 3002T-3G",
"product": {
"name": "TC ROUTER 3002T-3G",
"product_id": "CSAFPID-11136",
"product_identification_helper": {
"model_numbers": [
"2702529"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 2002T-3G",
"product": {
"name": "TC ROUTER 2002T-3G",
"product_id": "CSAFPID-11137",
"product_identification_helper": {
"model_numbers": [
"2702531"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 3002T-4G VZW",
"product": {
"name": "TC ROUTER 3002T-4G VZW",
"product_id": "CSAFPID-11138",
"product_identification_helper": {
"model_numbers": [
"2702532"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 3002T-4G ATT",
"product": {
"name": "TC ROUTER 3002T-4G ATT",
"product_id": "CSAFPID-11139",
"product_identification_helper": {
"model_numbers": [
"2702533"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 4002T-4G EU",
"product": {
"name": "TC ROUTER 4002T-4G EU",
"product_id": "CSAFPID-11140",
"product_identification_helper": {
"model_numbers": [
"1234352"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 4102T-4G EU WLAN",
"product": {
"name": "TC ROUTER 4102T-4G EU WLAN",
"product_id": "CSAFPID-11141",
"product_identification_helper": {
"model_numbers": [
"1234353"
]
}
}
},
{
"category": "product_name",
"name": "TC ROUTER 4202T-4G EU WLAN",
"product": {
"name": "TC ROUTER 4202T-4G EU WLAN",
"product_id": "CSAFPID-11142",
"product_identification_helper": {
"model_numbers": [
"1234354"
]
}
}
},
{
"category": "product_name",
"name": "FL TIMESERVER NTP",
"product": {
"name": "FL TIMESERVER NTP",
"product_id": "CSAFPID-11143",
"product_identification_helper": {
"model_numbers": [
"1107132"
]
}
}
},
{
"category": "product_name",
"name": "CELLULINK 2401-4G EU M25",
"product": {
"name": "CELLULINK 2401-4G EU M25",
"product_id": "CSAFPID-11144",
"product_identification_helper": {
"model_numbers": [
"1503433"
]
}
}
},
{
"category": "product_name",
"name": "CELLULINK 2401-4G EU M40",
"product": {
"name": "CELLULINK 2401-4G EU M40",
"product_id": "CSAFPID-11145",
"product_identification_helper": {
"model_numbers": [
"1503487"
]
}
}
},
{
"category": "product_name",
"name": "CELLULINK 4401-4G GL M25",
"product": {
"name": "CELLULINK 4401-4G GL M25",
"product_id": "CSAFPID-11146",
"product_identification_helper": {
"model_numbers": [
"1637527"
]
}
}
},
{
"category": "product_name",
"name": "CELLULINK 4401-4G GL M40",
"product": {
"name": "CELLULINK 4401-4G GL M40",
"product_id": "CSAFPID-11147",
"product_identification_helper": {
"model_numbers": [
"1637627"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.9.0",
"product": {
"name": "Firmware \u003c1.9.0",
"product_id": "CSAFPID-21001",
"product_identification_helper": {
"model_numbers": [
"1138965",
"1139012",
"1139018",
"1139022"
]
}
}
},
{
"category": "product_version",
"name": "1.9.0",
"product": {
"name": "1.9.0",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"model_numbers": [
"1138965",
"1139012",
"1139018",
"1139022"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c2024.0.17",
"product": {
"name": "Firmware \u003c2024.0.17",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"model_numbers": [
"1151412",
"2404267",
"1079808",
"1069208",
"1051328",
"1050841",
"1246285",
"1839159",
"1136419"
]
}
}
},
{
"category": "product_version",
"name": "2024.0.17",
"product": {
"name": "Firmware 2024.0.17",
"product_id": "CSAFPID-22002",
"product_identification_helper": {
"model_numbers": [
"1151412",
"2404267",
"1079808",
"1069208",
"1051328",
"1050841",
"1246285",
"1839159",
"1136419"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c2026.0.0",
"product": {
"name": "Firmware \u003c2026.0.0",
"product_id": "CSAFPID-21004",
"product_identification_helper": {
"model_numbers": [
"1551772"
]
}
}
},
{
"category": "product_version",
"name": "2026.0.0",
"product": {
"name": "Firmware 2026.0.0",
"product_id": "CSAFPID-22004",
"product_identification_helper": {
"model_numbers": [
"1551772"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003cV04.27.00.00",
"product": {
"name": "Firmware \u003cV04.27.00.00",
"product_id": "CSAFPID-21005",
"product_identification_helper": {
"model_numbers": [
"n/a"
]
}
}
},
{
"category": "product_version",
"name": "V04.27.00.00",
"product": {
"name": "Firmware V04.27.00.00",
"product_id": "CSAFPID-22005",
"product_identification_helper": {
"model_numbers": [
"n/a"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003cV01.11.00.00",
"product": {
"name": "Firmware \u003cV01.11.00.00",
"product_id": "CSAFPID-21006",
"product_identification_helper": {
"model_numbers": [
"n/a"
]
}
}
},
{
"category": "product_version",
"name": "V01.11.00.00",
"product": {
"name": "Firmware V01.11.00.00",
"product_id": "CSAFPID-22006",
"product_identification_helper": {
"model_numbers": [
"n/a"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003cV01.04.00.00",
"product": {
"name": "Firmware \u003cV01.04.00.00",
"product_id": "CSAFPID-21007",
"product_identification_helper": {
"model_numbers": [
"n/a"
]
}
}
},
{
"category": "product_version",
"name": "V01.04.00.00",
"product": {
"name": "Firmware V01.04.00.00",
"product_id": "CSAFPID-22007",
"product_identification_helper": {
"model_numbers": [
"n/a"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.12.3",
"product": {
"name": "Firmware \u003c1.12.3",
"product_id": "CSAFPID-21008",
"product_identification_helper": {
"model_numbers": [
"1541303",
"1535543",
"1371432"
]
}
}
},
{
"category": "product_version",
"name": "1.12.3",
"product": {
"name": "Firmware 1.12.3",
"product_id": "CSAFPID-22008",
"product_identification_helper": {
"model_numbers": [
"1541303",
"1535543",
"1371432"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c10.6.1",
"product": {
"name": "Firmware \u003c10.6.1",
"product_id": "CSAFPID-21009",
"product_identification_helper": {
"model_numbers": [
"1357828",
"1357850",
"1357840",
"1357875",
"1357842",
"1441187",
"1488318",
"1427378",
"1488314",
"1427379",
"1488325",
"1488326",
"1696708",
"1696779"
]
}
}
},
{
"category": "product_version",
"name": "10.6.1",
"product": {
"name": "Firmware 10.6.1",
"product_id": "CSAFPID-22009",
"product_identification_helper": {
"model_numbers": [
"1357828",
"1357850",
"1357840",
"1357875",
"1357842",
"1441187",
"1488318",
"1427378",
"1488314",
"1427379",
"1488325",
"1488326",
"1696708",
"1696779"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c3.57",
"product": {
"name": "Firmware \u003c3.57",
"product_id": "CSAFPID-21010",
"product_identification_helper": {
"model_numbers": [
"1006188",
"1006191",
"1009220",
"1009222",
"1031673",
"1031683",
"1043412",
"1043414",
"1043416",
"1043423",
"1043484",
"1043491",
"1043496",
"1043499",
"1044024",
"1044028",
"1044029",
"1044030",
"1088853",
"1088856",
"1088872",
"1088875",
"1089126",
"1089133",
"1089134",
"1089135",
"1089139",
"1089150",
"1089154",
"1089205",
"1095627",
"1095628",
"1106500",
"1106610",
"1106615",
"1106616",
"1106707",
"1184084",
"1215329",
"1215350",
"1278397",
"2702323",
"2702324",
"2702326",
"2702327",
"2702328",
"2702329",
"2702330",
"2702331",
"2702332",
"2702333",
"2702334",
"2702652",
"2702653",
"2702665",
"2702666",
"2702881",
"2702882",
"2702903",
"2702904",
"2702905",
"2702906",
"2702907",
"2702908",
"2702909",
"2702910",
"2702969",
"2702970",
"2702981"
]
}
}
},
{
"category": "product_version",
"name": "3.57",
"product": {
"name": "Firmware 3.57",
"product_id": "CSAFPID-22010",
"product_identification_helper": {
"model_numbers": [
"1006188",
"1006191",
"1009220",
"1009222",
"1031673",
"1031683",
"1043412",
"1043414",
"1043416",
"1043423",
"1043484",
"1043491",
"1043496",
"1043499",
"1044024",
"1044028",
"1044029",
"1044030",
"1088853",
"1088856",
"1088872",
"1088875",
"1089126",
"1089133",
"1089134",
"1089135",
"1089139",
"1089150",
"1089154",
"1089205",
"1095627",
"1095628",
"1106500",
"1106610",
"1106615",
"1106616",
"1106707",
"1184084",
"1215329",
"1215350",
"1278397",
"2702323",
"2702324",
"2702326",
"2702327",
"2702328",
"2702329",
"2702330",
"2702331",
"2702332",
"2702333",
"2702334",
"2702652",
"2702653",
"2702665",
"2702666",
"2702881",
"2702882",
"2702903",
"2702904",
"2702905",
"2702906",
"2702907",
"2702908",
"2702909",
"2702910",
"2702969",
"2702970",
"2702981"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c26.06.00",
"product": {
"name": "Firmware \u003c26.06.00",
"product_id": "CSAFPID-21011",
"product_identification_helper": {
"model_numbers": [
"2702992",
"1386091",
"1752493",
"1752496",
"1386092",
"2702993",
"1360276",
"1510249",
"1360275",
"1510147"
]
}
}
},
{
"category": "product_version",
"name": "26.06.00",
"product": {
"name": "Firmware 26.06.00",
"product_id": "CSAFPID-22011",
"product_identification_helper": {
"model_numbers": [
"2702992",
"1386091",
"1752493",
"1752496",
"1386092",
"2702993",
"1360276",
"1510249",
"1360275",
"1510147"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c3.8.9",
"product": {
"name": "Firmware \u003c3.8.9",
"product_id": "CSAFPID-21012",
"product_identification_helper": {
"model_numbers": [
"2702528",
"1632697",
"2702886",
"2702887",
"2702888",
"2702530",
"2702529",
"2702531",
"2702532",
"2702533"
]
}
}
},
{
"category": "product_version",
"name": "3.8.9",
"product": {
"name": "Firmware 3.8.9",
"product_id": "CSAFPID-22012",
"product_identification_helper": {
"model_numbers": [
"2702528",
"1632697",
"2702886",
"2702887",
"2702888",
"2702530",
"2702529",
"2702531",
"2702532",
"2702533"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.6.24",
"product": {
"name": "Firmware \u003c1.6.24",
"product_id": "CSAFPID-21013",
"product_identification_helper": {
"model_numbers": [
"1439475"
]
}
}
},
{
"category": "product_version",
"name": "1.6.24",
"product": {
"name": "Firmware 1.6.24",
"product_id": "CSAFPID-22013",
"product_identification_helper": {
"model_numbers": [
"1439475"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c3.7.8",
"product": {
"name": "Firmware \u003c3.7.8",
"product_id": "CSAFPID-21014",
"product_identification_helper": {
"model_numbers": [
"1221706",
"2702885"
]
}
}
},
{
"category": "product_version",
"name": "3.7.8",
"product": {
"name": "Firmware 3.7.8",
"product_id": "CSAFPID-22014",
"product_identification_helper": {
"model_numbers": [
"1221706",
"2702885"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c5.0.72.102",
"product": {
"name": "Firmware \u003c5.0.72.102",
"product_id": "CSAFPID-21015",
"product_identification_helper": {
"model_numbers": [
"1234352",
"1234353",
"1234354"
]
}
}
},
{
"category": "product_version",
"name": "5.0.72.102",
"product": {
"name": "Firmware 5.0.72.102",
"product_id": "CSAFPID-22015",
"product_identification_helper": {
"model_numbers": [
"1234352",
"1234353",
"1234354"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c5.0.71.101",
"product": {
"name": "Firmware \u003c5.0.71.101",
"product_id": "CSAFPID-21016",
"product_identification_helper": {
"model_numbers": [
"1107132"
]
}
}
},
{
"category": "product_version",
"name": "5.0.71.101",
"product": {
"name": "Firmware 5.0.71.101",
"product_id": "CSAFPID-22016",
"product_identification_helper": {
"model_numbers": [
"1107132"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c2025.6.3",
"product": {
"name": "Firmware \u003c2025.6.3",
"product_id": "CSAFPID-21017",
"product_identification_helper": {
"model_numbers": [
"1503433",
"1503487",
"1637527",
"1637627"
]
}
}
},
{
"category": "product_version",
"name": "2025.6.3",
"product": {
"name": "Firmware 2025.6.3",
"product_id": "CSAFPID-22017",
"product_identification_helper": {
"model_numbers": [
"1503433",
"1503487",
"1637527",
"1637627"
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.12.4",
"product": {
"name": "Firmware \u003c1.12.4",
"product_id": "CSAFPID-21018",
"product_identification_helper": {
"model_numbers": [
"2403160",
"2404671"
]
}
}
},
{
"category": "product_version",
"name": "1.12.4",
"product": {
"name": "Firmware 1.12.4",
"product_id": "CSAFPID-22018",
"product_identification_helper": {
"model_numbers": [
"2403160",
"2404671"
]
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.0",
"product": {
"name": "OpenSSL 3.0.0",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "3.0.19",
"product": {
"name": "OpenSSL 3.0.19",
"product_id": "CSAFPID-52001",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openssl:openssl:3.0.14:-:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "3.0.18",
"product": {
"name": "OpenSSL 3.0.18",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openssl:openssl:3.0.13:-:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "OpenSSL Software Foundation"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31013",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052",
"CSAFPID-31053",
"CSAFPID-31054",
"CSAFPID-31055",
"CSAFPID-31056",
"CSAFPID-31057",
"CSAFPID-31058",
"CSAFPID-31059",
"CSAFPID-31060",
"CSAFPID-31061",
"CSAFPID-31062",
"CSAFPID-31063",
"CSAFPID-31064",
"CSAFPID-31065",
"CSAFPID-31066",
"CSAFPID-31067",
"CSAFPID-31068",
"CSAFPID-31069",
"CSAFPID-31070",
"CSAFPID-31071",
"CSAFPID-31072",
"CSAFPID-31073",
"CSAFPID-31074",
"CSAFPID-31075",
"CSAFPID-31076",
"CSAFPID-31077",
"CSAFPID-31078",
"CSAFPID-31079",
"CSAFPID-31080",
"CSAFPID-31081",
"CSAFPID-31082",
"CSAFPID-31083",
"CSAFPID-31084",
"CSAFPID-31085",
"CSAFPID-31086",
"CSAFPID-31087",
"CSAFPID-31088",
"CSAFPID-31089",
"CSAFPID-31090",
"CSAFPID-31091",
"CSAFPID-31092",
"CSAFPID-31093",
"CSAFPID-31094",
"CSAFPID-31095",
"CSAFPID-31096",
"CSAFPID-31097",
"CSAFPID-31098",
"CSAFPID-31099",
"CSAFPID-31100",
"CSAFPID-31101",
"CSAFPID-31102",
"CSAFPID-31103",
"CSAFPID-31104",
"CSAFPID-31105",
"CSAFPID-31106",
"CSAFPID-31107",
"CSAFPID-31108",
"CSAFPID-31109",
"CSAFPID-31110",
"CSAFPID-31111",
"CSAFPID-31112",
"CSAFPID-31113",
"CSAFPID-31114",
"CSAFPID-31115",
"CSAFPID-31116",
"CSAFPID-31117",
"CSAFPID-31118",
"CSAFPID-31119",
"CSAFPID-31120",
"CSAFPID-31121",
"CSAFPID-31122",
"CSAFPID-31123",
"CSAFPID-31124",
"CSAFPID-31125",
"CSAFPID-31126",
"CSAFPID-31127",
"CSAFPID-31128",
"CSAFPID-31129",
"CSAFPID-31130",
"CSAFPID-31131",
"CSAFPID-31132",
"CSAFPID-31133",
"CSAFPID-31134",
"CSAFPID-31135",
"CSAFPID-31136",
"CSAFPID-31137",
"CSAFPID-31138",
"CSAFPID-31139",
"CSAFPID-31140",
"CSAFPID-31141",
"CSAFPID-31142",
"CSAFPID-31143",
"CSAFPID-31144",
"CSAFPID-31145",
"CSAFPID-31146",
"CSAFPID-31147",
"CSAFPID-51001",
"CSAFPID-51002"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32013",
"CSAFPID-32017",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32127",
"CSAFPID-32128",
"CSAFPID-32129",
"CSAFPID-32130",
"CSAFPID-32131",
"CSAFPID-32132",
"CSAFPID-32133",
"CSAFPID-32134",
"CSAFPID-32135",
"CSAFPID-32136",
"CSAFPID-32137",
"CSAFPID-32138",
"CSAFPID-32139",
"CSAFPID-32144",
"CSAFPID-32145",
"CSAFPID-32146",
"CSAFPID-32147",
"CSAFPID-52001"
],
"summary": "Fixed Products."
},
{
"group_id": "CSAFGID-0003",
"product_ids": [
"CSAFPID-33018",
"CSAFPID-33019",
"CSAFPID-33020",
"CSAFPID-33021",
"CSAFPID-33022",
"CSAFPID-33023",
"CSAFPID-33024",
"CSAFPID-33025",
"CSAFPID-33040",
"CSAFPID-33041",
"CSAFPID-33042",
"CSAFPID-33043",
"CSAFPID-33044",
"CSAFPID-33045",
"CSAFPID-33046",
"CSAFPID-33047",
"CSAFPID-33048",
"CSAFPID-33049",
"CSAFPID-33050",
"CSAFPID-33051",
"CSAFPID-33052",
"CSAFPID-33053",
"CSAFPID-33054",
"CSAFPID-33055",
"CSAFPID-33056",
"CSAFPID-33057",
"CSAFPID-33058",
"CSAFPID-33059",
"CSAFPID-33060",
"CSAFPID-33061",
"CSAFPID-33062",
"CSAFPID-33063",
"CSAFPID-33064",
"CSAFPID-33065",
"CSAFPID-33066",
"CSAFPID-33067",
"CSAFPID-33068",
"CSAFPID-33069",
"CSAFPID-33070",
"CSAFPID-33071",
"CSAFPID-33072",
"CSAFPID-33073",
"CSAFPID-33074",
"CSAFPID-33075",
"CSAFPID-33076",
"CSAFPID-33077",
"CSAFPID-33078",
"CSAFPID-33079",
"CSAFPID-33080",
"CSAFPID-33081",
"CSAFPID-33082",
"CSAFPID-33083",
"CSAFPID-33084",
"CSAFPID-33085",
"CSAFPID-33086",
"CSAFPID-33087",
"CSAFPID-33088",
"CSAFPID-33089",
"CSAFPID-33090",
"CSAFPID-33091",
"CSAFPID-33092",
"CSAFPID-33093",
"CSAFPID-33094",
"CSAFPID-33095",
"CSAFPID-33096",
"CSAFPID-33097",
"CSAFPID-33098",
"CSAFPID-33099",
"CSAFPID-33100",
"CSAFPID-33101",
"CSAFPID-33102",
"CSAFPID-33103",
"CSAFPID-33104",
"CSAFPID-33105",
"CSAFPID-33106",
"CSAFPID-33107",
"CSAFPID-33108",
"CSAFPID-33109",
"CSAFPID-33110",
"CSAFPID-33111",
"CSAFPID-33112",
"CSAFPID-33113",
"CSAFPID-33114",
"CSAFPID-33115",
"CSAFPID-33116",
"CSAFPID-33117",
"CSAFPID-33118",
"CSAFPID-33119",
"CSAFPID-33120",
"CSAFPID-33121",
"CSAFPID-33122",
"CSAFPID-33123",
"CSAFPID-33124",
"CSAFPID-33125",
"CSAFPID-33126",
"CSAFPID-33140",
"CSAFPID-33141",
"CSAFPID-33142",
"CSAFPID-33143"
],
"summary": "Under investigation."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3150",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"model_numbers": [
"1138965"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3150",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"model_numbers": [
"1138965"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3100",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"model_numbers": [
"1139012"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3100",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"model_numbers": [
"1139012"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3050",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"model_numbers": [
"1139018"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3050",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"model_numbers": [
"1139018"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3000",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3000",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on AXC F 1152",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on AXC F 1152",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on AXC F 2152",
"product_id": "CSAFPID-32006",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on AXC F 2152",
"product_id": "CSAFPID-31006",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on GTC F 2172",
"product_id": "CSAFPID-32007",
"product_identification_helper": {
"model_numbers": [
"1079808"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on GTC F 2172",
"product_id": "CSAFPID-31007",
"product_identification_helper": {
"model_numbers": [
"1079808"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on AXC F 3152",
"product_id": "CSAFPID-32008",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on AXC F 3152",
"product_id": "CSAFPID-31008",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on RFC 4072S",
"product_id": "CSAFPID-32009",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on RFC 4072S",
"product_id": "CSAFPID-31009",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on NFC 482S",
"product_id": "CSAFPID-32010",
"product_identification_helper": {
"model_numbers": [
"1050841"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on NFC 482S",
"product_id": "CSAFPID-31010",
"product_identification_helper": {
"model_numbers": [
"1050841"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on BPC 9102S",
"product_id": "CSAFPID-32011",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on BPC 9102S",
"product_id": "CSAFPID-31011",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.17 installed on RFC 4072R",
"product_id": "CSAFPID-32013",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.17 installed on RFC 4072R",
"product_id": "CSAFPID-31013",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2026.0.0 installed on AXC F 2000 EA",
"product_id": "CSAFPID-32017",
"product_identification_helper": {
"model_numbers": [
"1551772"
]
}
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2026.0.0 installed on AXC F 2000 EA",
"product_id": "CSAFPID-31017",
"product_identification_helper": {
"model_numbers": [
"1551772"
]
}
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V04.27.00.00 installed on Energy AXC PU",
"product_id": "CSAFPID-33018",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV04.27.00.00 installed on Energy AXC PU",
"product_id": "CSAFPID-31018",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V01.11.00.00 installed on SMART RTU AXC SG",
"product_id": "CSAFPID-33019",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV01.11.00.00 installed on SMART RTU AXC SG",
"product_id": "CSAFPID-31019",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V01.04.00.00 installed on SMART RTU AXC IG",
"product_id": "CSAFPID-33020",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
},
"product_reference": "CSAFPID-22007",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV01.04.00.00 installed on SMART RTU AXC IG",
"product_id": "CSAFPID-31020",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.12.4 installed on ILC 2050 BI",
"product_id": "CSAFPID-33021",
"product_identification_helper": {
"model_numbers": [
"2403160"
]
}
},
"product_reference": "CSAFPID-22018",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.12.4 installed on ILC 2050 BI",
"product_id": "CSAFPID-31021",
"product_identification_helper": {
"model_numbers": [
"2403160"
]
}
},
"product_reference": "CSAFPID-21018",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.12.4 installed on ILC 2050 BI-L",
"product_id": "CSAFPID-33022",
"product_identification_helper": {
"model_numbers": [
"2404671"
]
}
},
"product_reference": "CSAFPID-22018",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.12.4 installed on ILC 2050 BI-L",
"product_id": "CSAFPID-31022",
"product_identification_helper": {
"model_numbers": [
"2404671"
]
}
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.12.3 installed on ILC 2250 BI",
"product_id": "CSAFPID-33023",
"product_identification_helper": {
"model_numbers": [
"1541303"
]
}
},
"product_reference": "CSAFPID-22008",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.12.3 installed on ILC 2250 BI",
"product_id": "CSAFPID-31023",
"product_identification_helper": {
"model_numbers": [
"1541303"
]
}
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.12.3 installed on ILC 2250 BI-L",
"product_id": "CSAFPID-33024",
"product_identification_helper": {
"model_numbers": [
"1535543"
]
}
},
"product_reference": "CSAFPID-22008",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.12.3 installed on ILC 2250 BI-L",
"product_id": "CSAFPID-31024",
"product_identification_helper": {
"model_numbers": [
"1535543"
]
}
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.12.3 installed on CATAN C1 EN",
"product_id": "CSAFPID-33025",
"product_identification_helper": {
"model_numbers": [
"1371432"
]
}
},
"product_reference": "CSAFPID-22008",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.12.3 installed on CATAN C1 EN",
"product_id": "CSAFPID-31025",
"product_identification_helper": {
"model_numbers": [
"1371432"
]
}
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 2102",
"product_id": "CSAFPID-32026",
"product_identification_helper": {
"model_numbers": [
"1357828"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 2102",
"product_id": "CSAFPID-31026",
"product_identification_helper": {
"model_numbers": [
"1357828"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 2105",
"product_id": "CSAFPID-32027",
"product_identification_helper": {
"model_numbers": [
"1357850"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 2105",
"product_id": "CSAFPID-31027",
"product_identification_helper": {
"model_numbers": [
"1357850"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4302",
"product_id": "CSAFPID-32028",
"product_identification_helper": {
"model_numbers": [
"1357840"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4302",
"product_id": "CSAFPID-31028",
"product_identification_helper": {
"model_numbers": [
"1357840"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4305",
"product_id": "CSAFPID-32029",
"product_identification_helper": {
"model_numbers": [
"1357875"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4305",
"product_id": "CSAFPID-31029",
"product_identification_helper": {
"model_numbers": [
"1357875"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4102 PCIE",
"product_id": "CSAFPID-32030",
"product_identification_helper": {
"model_numbers": [
"1357842"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4102 PCIE",
"product_id": "CSAFPID-31030",
"product_identification_helper": {
"model_numbers": [
"1357842"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4102 PCI",
"product_id": "CSAFPID-32031",
"product_identification_helper": {
"model_numbers": [
"1441187"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4102 PCI",
"product_id": "CSAFPID-31031",
"product_identification_helper": {
"model_numbers": [
"1441187"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4302/K1",
"product_id": "CSAFPID-32032",
"product_identification_helper": {
"model_numbers": [
"1488318"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4302/K1",
"product_id": "CSAFPID-31032",
"product_identification_helper": {
"model_numbers": [
"1488318"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4102 PCIE/K2",
"product_id": "CSAFPID-32033",
"product_identification_helper": {
"model_numbers": [
"1427378"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11033"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4102 PCIE/K2",
"product_id": "CSAFPID-31033",
"product_identification_helper": {
"model_numbers": [
"1427378"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11033"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4102 PCI/K2",
"product_id": "CSAFPID-32034",
"product_identification_helper": {
"model_numbers": [
"1488314"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4102 PCI/K2",
"product_id": "CSAFPID-31034",
"product_identification_helper": {
"model_numbers": [
"1488314"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11034"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4302/K2",
"product_id": "CSAFPID-32035",
"product_identification_helper": {
"model_numbers": [
"1427379"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11035"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4302/K2",
"product_id": "CSAFPID-31035",
"product_identification_helper": {
"model_numbers": [
"1427379"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11035"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4302/K3",
"product_id": "CSAFPID-32036",
"product_identification_helper": {
"model_numbers": [
"1488325"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4302/K3",
"product_id": "CSAFPID-31036",
"product_identification_helper": {
"model_numbers": [
"1488325"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11036"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4302/K4",
"product_id": "CSAFPID-32037",
"product_identification_helper": {
"model_numbers": [
"1488326"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11037"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4302/K4",
"product_id": "CSAFPID-31037",
"product_identification_helper": {
"model_numbers": [
"1488326"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11037"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4302/KX",
"product_id": "CSAFPID-32038",
"product_identification_helper": {
"model_numbers": [
"1696708"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11038"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4302/KX",
"product_id": "CSAFPID-31038",
"product_identification_helper": {
"model_numbers": [
"1696708"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11038"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 10.6.1 installed on FL MGUARD 4305/KX",
"product_id": "CSAFPID-32039",
"product_identification_helper": {
"model_numbers": [
"1696779"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11039"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c10.6.1 installed on FL MGUARD 4305/KX",
"product_id": "CSAFPID-31039",
"product_identification_helper": {
"model_numbers": [
"1696779"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11039"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2005",
"product_id": "CSAFPID-33040",
"product_identification_helper": {
"model_numbers": [
"2702323"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11040"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2005",
"product_id": "CSAFPID-31040",
"product_identification_helper": {
"model_numbers": [
"2702323"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11040"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2008",
"product_id": "CSAFPID-33041",
"product_identification_helper": {
"model_numbers": [
"2702324"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11041"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2008",
"product_id": "CSAFPID-31041",
"product_identification_helper": {
"model_numbers": [
"2702324"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11041"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2008F",
"product_id": "CSAFPID-33042",
"product_identification_helper": {
"model_numbers": [
"1106707"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11042"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2008F",
"product_id": "CSAFPID-31042",
"product_identification_helper": {
"model_numbers": [
"1106707"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11042"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2016",
"product_id": "CSAFPID-33043",
"product_identification_helper": {
"model_numbers": [
"2702903"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11043"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2016",
"product_id": "CSAFPID-31043",
"product_identification_helper": {
"model_numbers": [
"2702903"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11043"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2105",
"product_id": "CSAFPID-33044",
"product_identification_helper": {
"model_numbers": [
"2702665"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11044"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2105",
"product_id": "CSAFPID-31044",
"product_identification_helper": {
"model_numbers": [
"2702665"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11044"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2108",
"product_id": "CSAFPID-33045",
"product_identification_helper": {
"model_numbers": [
"2702666"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11045"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2108",
"product_id": "CSAFPID-31045",
"product_identification_helper": {
"model_numbers": [
"2702666"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11045"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2116",
"product_id": "CSAFPID-33046",
"product_identification_helper": {
"model_numbers": [
"2702908"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11046"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2116",
"product_id": "CSAFPID-31046",
"product_identification_helper": {
"model_numbers": [
"2702908"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11046"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2204-2TC-2SFX",
"product_id": "CSAFPID-33047",
"product_identification_helper": {
"model_numbers": [
"2702334"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11047"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2204-2TC-2SFX",
"product_id": "CSAFPID-31047",
"product_identification_helper": {
"model_numbers": [
"2702334"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11047"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2205",
"product_id": "CSAFPID-33048",
"product_identification_helper": {
"model_numbers": [
"2702326"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11048"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2205",
"product_id": "CSAFPID-31048",
"product_identification_helper": {
"model_numbers": [
"2702326"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11048"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206-2FX",
"product_id": "CSAFPID-33049",
"product_identification_helper": {
"model_numbers": [
"2702330"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11049"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206-2FX",
"product_id": "CSAFPID-31049",
"product_identification_helper": {
"model_numbers": [
"2702330"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11049"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206-2FX SM",
"product_id": "CSAFPID-33050",
"product_identification_helper": {
"model_numbers": [
"2702331"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11050"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206-2FX SM",
"product_id": "CSAFPID-31050",
"product_identification_helper": {
"model_numbers": [
"2702331"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11050"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206-2FX SM ST",
"product_id": "CSAFPID-33051",
"product_identification_helper": {
"model_numbers": [
"2702333"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11051"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206-2FX SM ST",
"product_id": "CSAFPID-31051",
"product_identification_helper": {
"model_numbers": [
"2702333"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11051"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206-2FX ST",
"product_id": "CSAFPID-33052",
"product_identification_helper": {
"model_numbers": [
"2702332"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11052"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206-2FX ST",
"product_id": "CSAFPID-31052",
"product_identification_helper": {
"model_numbers": [
"2702332"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11052"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206-2SFX",
"product_id": "CSAFPID-33053",
"product_identification_helper": {
"model_numbers": [
"2702969"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11053"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206-2SFX",
"product_id": "CSAFPID-31053",
"product_identification_helper": {
"model_numbers": [
"2702969"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11053"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206-2SFX PN",
"product_id": "CSAFPID-33054",
"product_identification_helper": {
"model_numbers": [
"1044028"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11054"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206-2SFX PN",
"product_id": "CSAFPID-31054",
"product_identification_helper": {
"model_numbers": [
"1044028"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11054"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2206C-2FX",
"product_id": "CSAFPID-33055",
"product_identification_helper": {
"model_numbers": [
"1095628"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11055"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2206C-2FX",
"product_id": "CSAFPID-31055",
"product_identification_helper": {
"model_numbers": [
"1095628"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11055"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2207-FX",
"product_id": "CSAFPID-33056",
"product_identification_helper": {
"model_numbers": [
"2702328"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11056"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2207-FX",
"product_id": "CSAFPID-31056",
"product_identification_helper": {
"model_numbers": [
"2702328"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11056"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2207-FX SM",
"product_id": "CSAFPID-33057",
"product_identification_helper": {
"model_numbers": [
"2702329"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11057"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2207-FX SM",
"product_id": "CSAFPID-31057",
"product_identification_helper": {
"model_numbers": [
"2702329"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11057"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2208",
"product_id": "CSAFPID-33058",
"product_identification_helper": {
"model_numbers": [
"2702327"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11058"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2208",
"product_id": "CSAFPID-31058",
"product_identification_helper": {
"model_numbers": [
"2702327"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11058"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2208 PN",
"product_id": "CSAFPID-33059",
"product_identification_helper": {
"model_numbers": [
"1044024"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11059"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2208 PN",
"product_id": "CSAFPID-31059",
"product_identification_helper": {
"model_numbers": [
"1044024"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11059"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2208C",
"product_id": "CSAFPID-33060",
"product_identification_helper": {
"model_numbers": [
"1095627"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11060"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2208C",
"product_id": "CSAFPID-31060",
"product_identification_helper": {
"model_numbers": [
"1095627"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11060"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2212-2TC-2SFX",
"product_id": "CSAFPID-33061",
"product_identification_helper": {
"model_numbers": [
"2702907"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11061"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2212-2TC-2SFX",
"product_id": "CSAFPID-31061",
"product_identification_helper": {
"model_numbers": [
"2702907"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11061"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2214-2FX",
"product_id": "CSAFPID-33062",
"product_identification_helper": {
"model_numbers": [
"2702905"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11062"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2214-2FX",
"product_id": "CSAFPID-31062",
"product_identification_helper": {
"model_numbers": [
"2702905"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11062"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2214-2FX SM",
"product_id": "CSAFPID-33063",
"product_identification_helper": {
"model_numbers": [
"2702906"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11063"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2214-2FX SM",
"product_id": "CSAFPID-31063",
"product_identification_helper": {
"model_numbers": [
"2702906"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11063"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2214-2SFX",
"product_id": "CSAFPID-33064",
"product_identification_helper": {
"model_numbers": [
"1006188"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11064"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2214-2SFX",
"product_id": "CSAFPID-31064",
"product_identification_helper": {
"model_numbers": [
"1006188"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11064"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2214-2SFX PN",
"product_id": "CSAFPID-33065",
"product_identification_helper": {
"model_numbers": [
"1044030"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11065"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2214-2SFX PN",
"product_id": "CSAFPID-31065",
"product_identification_helper": {
"model_numbers": [
"1044030"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11065"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2216",
"product_id": "CSAFPID-33066",
"product_identification_helper": {
"model_numbers": [
"2702904"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11066"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2216",
"product_id": "CSAFPID-31066",
"product_identification_helper": {
"model_numbers": [
"2702904"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11066"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2216 PN",
"product_id": "CSAFPID-33067",
"product_identification_helper": {
"model_numbers": [
"1044029"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11067"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2216 PN",
"product_id": "CSAFPID-31067",
"product_identification_helper": {
"model_numbers": [
"1044029"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11067"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2303-8SP1",
"product_id": "CSAFPID-33068",
"product_identification_helper": {
"model_numbers": [
"1278397"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11068"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2303-8SP1",
"product_id": "CSAFPID-31068",
"product_identification_helper": {
"model_numbers": [
"1278397"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11068"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2304-2GC-2SFP",
"product_id": "CSAFPID-33069",
"product_identification_helper": {
"model_numbers": [
"2702653"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11069"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2304-2GC-2SFP",
"product_id": "CSAFPID-31069",
"product_identification_helper": {
"model_numbers": [
"2702653"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11069"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2306-2SFP",
"product_id": "CSAFPID-33070",
"product_identification_helper": {
"model_numbers": [
"2702970"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11070"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2306-2SFP",
"product_id": "CSAFPID-31070",
"product_identification_helper": {
"model_numbers": [
"2702970"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11070"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2306-2SFP PN",
"product_id": "CSAFPID-33071",
"product_identification_helper": {
"model_numbers": [
"1009222"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11071"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2306-2SFP PN",
"product_id": "CSAFPID-31071",
"product_identification_helper": {
"model_numbers": [
"1009222"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11071"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2308",
"product_id": "CSAFPID-33072",
"product_identification_helper": {
"model_numbers": [
"2702652"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11072"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2308",
"product_id": "CSAFPID-31072",
"product_identification_helper": {
"model_numbers": [
"2702652"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11072"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2308 PN",
"product_id": "CSAFPID-33073",
"product_identification_helper": {
"model_numbers": [
"1009220"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11073"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2308 PN",
"product_id": "CSAFPID-31073",
"product_identification_helper": {
"model_numbers": [
"1009220"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11073"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2312-2GC-2SFP",
"product_id": "CSAFPID-33074",
"product_identification_helper": {
"model_numbers": [
"2702910"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11074"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2312-2GC-2SFP",
"product_id": "CSAFPID-31074",
"product_identification_helper": {
"model_numbers": [
"2702910"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11074"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2314-2SFP",
"product_id": "CSAFPID-33075",
"product_identification_helper": {
"model_numbers": [
"1006191"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11075"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2314-2SFP",
"product_id": "CSAFPID-31075",
"product_identification_helper": {
"model_numbers": [
"1006191"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11075"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2314-2SFP PN",
"product_id": "CSAFPID-33076",
"product_identification_helper": {
"model_numbers": [
"1031683"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11076"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2314-2SFP PN",
"product_id": "CSAFPID-31076",
"product_identification_helper": {
"model_numbers": [
"1031683"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11076"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2316",
"product_id": "CSAFPID-33077",
"product_identification_helper": {
"model_numbers": [
"2702909"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11077"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2316",
"product_id": "CSAFPID-31077",
"product_identification_helper": {
"model_numbers": [
"2702909"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11077"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2316 PN",
"product_id": "CSAFPID-33078",
"product_identification_helper": {
"model_numbers": [
"1031673"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11078"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2316 PN",
"product_id": "CSAFPID-31078",
"product_identification_helper": {
"model_numbers": [
"1031673"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11078"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2316/K1",
"product_id": "CSAFPID-33079",
"product_identification_helper": {
"model_numbers": [
"1184084"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11079"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2316/K1",
"product_id": "CSAFPID-31079",
"product_identification_helper": {
"model_numbers": [
"1184084"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11079"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2404-2TC-2SFX",
"product_id": "CSAFPID-33080",
"product_identification_helper": {
"model_numbers": [
"1088853"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11080"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2404-2TC-2SFX",
"product_id": "CSAFPID-31080",
"product_identification_helper": {
"model_numbers": [
"1088853"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11080"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2406-2SFX",
"product_id": "CSAFPID-33081",
"product_identification_helper": {
"model_numbers": [
"1043414"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11081"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2406-2SFX",
"product_id": "CSAFPID-31081",
"product_identification_helper": {
"model_numbers": [
"1043414"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11081"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2406-2SFX PN",
"product_id": "CSAFPID-33082",
"product_identification_helper": {
"model_numbers": [
"1089126"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11082"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2406-2SFX PN",
"product_id": "CSAFPID-31082",
"product_identification_helper": {
"model_numbers": [
"1089126"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11082"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2408",
"product_id": "CSAFPID-33083",
"product_identification_helper": {
"model_numbers": [
"1043412"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11083"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2408",
"product_id": "CSAFPID-31083",
"product_identification_helper": {
"model_numbers": [
"1043412"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11083"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2408 PN",
"product_id": "CSAFPID-33084",
"product_identification_helper": {
"model_numbers": [
"1089133"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11084"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2408 PN",
"product_id": "CSAFPID-31084",
"product_identification_helper": {
"model_numbers": [
"1089133"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11084"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2412-2TC-2SFX",
"product_id": "CSAFPID-33085",
"product_identification_helper": {
"model_numbers": [
"1088875"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11085"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2412-2TC-2SFX",
"product_id": "CSAFPID-31085",
"product_identification_helper": {
"model_numbers": [
"1088875"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11085"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2414-2SFX",
"product_id": "CSAFPID-33086",
"product_identification_helper": {
"model_numbers": [
"1043423"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11086"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2414-2SFX",
"product_id": "CSAFPID-31086",
"product_identification_helper": {
"model_numbers": [
"1043423"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11086"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2414-2SFX PN",
"product_id": "CSAFPID-33087",
"product_identification_helper": {
"model_numbers": [
"1089139"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11087"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2414-2SFX PN",
"product_id": "CSAFPID-31087",
"product_identification_helper": {
"model_numbers": [
"1089139"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11087"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2416",
"product_id": "CSAFPID-33088",
"product_identification_helper": {
"model_numbers": [
"1043416"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11088"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2416",
"product_id": "CSAFPID-31088",
"product_identification_helper": {
"model_numbers": [
"1043416"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11088"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2416 PN",
"product_id": "CSAFPID-33089",
"product_identification_helper": {
"model_numbers": [
"1089150"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11089"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2416 PN",
"product_id": "CSAFPID-31089",
"product_identification_helper": {
"model_numbers": [
"1089150"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11089"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2504-2GC-2SFP",
"product_id": "CSAFPID-33090",
"product_identification_helper": {
"model_numbers": [
"1088872"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11090"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2504-2GC-2SFP",
"product_id": "CSAFPID-31090",
"product_identification_helper": {
"model_numbers": [
"1088872"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11090"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2506-2SFP",
"product_id": "CSAFPID-33091",
"product_identification_helper": {
"model_numbers": [
"1043491"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11091"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2506-2SFP",
"product_id": "CSAFPID-31091",
"product_identification_helper": {
"model_numbers": [
"1043491"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11091"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2506-2SFP PN",
"product_id": "CSAFPID-33092",
"product_identification_helper": {
"model_numbers": [
"1089135"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11092"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2506-2SFP PN",
"product_id": "CSAFPID-31092",
"product_identification_helper": {
"model_numbers": [
"1089135"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11092"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2506-2SFP/K1",
"product_id": "CSAFPID-33093",
"product_identification_helper": {
"model_numbers": [
"1215329"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11093"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2506-2SFP/K1",
"product_id": "CSAFPID-31093",
"product_identification_helper": {
"model_numbers": [
"1215329"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11093"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2508",
"product_id": "CSAFPID-33094",
"product_identification_helper": {
"model_numbers": [
"1043484"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11094"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2508",
"product_id": "CSAFPID-31094",
"product_identification_helper": {
"model_numbers": [
"1043484"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11094"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2508 PN",
"product_id": "CSAFPID-33095",
"product_identification_helper": {
"model_numbers": [
"1089134"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11095"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2508 PN",
"product_id": "CSAFPID-31095",
"product_identification_helper": {
"model_numbers": [
"1089134"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11095"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2508/K1",
"product_id": "CSAFPID-33096",
"product_identification_helper": {
"model_numbers": [
"1215350"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11096"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2508/K1",
"product_id": "CSAFPID-31096",
"product_identification_helper": {
"model_numbers": [
"1215350"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11096"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2512-2GC-2SFP",
"product_id": "CSAFPID-33097",
"product_identification_helper": {
"model_numbers": [
"1088856"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11097"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2512-2GC-2SFP",
"product_id": "CSAFPID-31097",
"product_identification_helper": {
"model_numbers": [
"1088856"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11097"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2514-2SFP",
"product_id": "CSAFPID-33098",
"product_identification_helper": {
"model_numbers": [
"1043499"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11098"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2514-2SFP",
"product_id": "CSAFPID-31098",
"product_identification_helper": {
"model_numbers": [
"1043499"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11098"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2514-2SFP PN",
"product_id": "CSAFPID-33099",
"product_identification_helper": {
"model_numbers": [
"1089154"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11099"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2514-2SFP PN",
"product_id": "CSAFPID-31099",
"product_identification_helper": {
"model_numbers": [
"1089154"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11099"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2516",
"product_id": "CSAFPID-33100",
"product_identification_helper": {
"model_numbers": [
"1043496"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11100"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2516",
"product_id": "CSAFPID-31100",
"product_identification_helper": {
"model_numbers": [
"1043496"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11100"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2516 PN",
"product_id": "CSAFPID-33101",
"product_identification_helper": {
"model_numbers": [
"1089205"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11101"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2516 PN",
"product_id": "CSAFPID-31101",
"product_identification_helper": {
"model_numbers": [
"1089205"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11101"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2608",
"product_id": "CSAFPID-33102",
"product_identification_helper": {
"model_numbers": [
"1106500"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11102"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2608",
"product_id": "CSAFPID-31102",
"product_identification_helper": {
"model_numbers": [
"1106500"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11102"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2608 PN",
"product_id": "CSAFPID-33103",
"product_identification_helper": {
"model_numbers": [
"1106616"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11103"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2608 PN",
"product_id": "CSAFPID-31103",
"product_identification_helper": {
"model_numbers": [
"1106616"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11103"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2708",
"product_id": "CSAFPID-33104",
"product_identification_helper": {
"model_numbers": [
"1106615"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11104"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2708",
"product_id": "CSAFPID-31104",
"product_identification_helper": {
"model_numbers": [
"1106615"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11104"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 2708 PN",
"product_id": "CSAFPID-33105",
"product_identification_helper": {
"model_numbers": [
"1106610"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11105"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 2708 PN",
"product_id": "CSAFPID-31105",
"product_identification_helper": {
"model_numbers": [
"1106610"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11105"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL NAT 2008",
"product_id": "CSAFPID-33106",
"product_identification_helper": {
"model_numbers": [
"2702881"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11106"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL NAT 2008",
"product_id": "CSAFPID-31106",
"product_identification_helper": {
"model_numbers": [
"2702881"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11106"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL NAT 2208",
"product_id": "CSAFPID-33107",
"product_identification_helper": {
"model_numbers": [
"2702882"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11107"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL NAT 2208",
"product_id": "CSAFPID-31107",
"product_identification_helper": {
"model_numbers": [
"2702882"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11107"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL NAT 2304-2GC-2SFP",
"product_id": "CSAFPID-33108",
"product_identification_helper": {
"model_numbers": [
"2702981"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11108"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL NAT 2304-2GC-2SFP",
"product_id": "CSAFPID-31108",
"product_identification_helper": {
"model_numbers": [
"2702981"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11108"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH TSN 2316",
"product_id": "CSAFPID-33109",
"product_identification_helper": {
"model_numbers": [
"1232304"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11109"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH TSN 2316",
"product_id": "CSAFPID-31109",
"product_identification_helper": {
"model_numbers": [
"1232304"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11109"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH TSN 2312-2GC-2SFP",
"product_id": "CSAFPID-33110",
"product_identification_helper": {
"model_numbers": [
"1232305"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11110"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH TSN 2312-2GC-2SFP",
"product_id": "CSAFPID-31110",
"product_identification_helper": {
"model_numbers": [
"1232305"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11110"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH TSN 2314-2SFP",
"product_id": "CSAFPID-33111",
"product_identification_helper": {
"model_numbers": [
"1232302"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11111"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH TSN 2314-2SFP",
"product_id": "CSAFPID-31111",
"product_identification_helper": {
"model_numbers": [
"1232302"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11111"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 5924-4GC",
"product_id": "CSAFPID-33112",
"product_identification_helper": {
"model_numbers": [
"1525945"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11112"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 5924-4GC",
"product_id": "CSAFPID-31112",
"product_identification_helper": {
"model_numbers": [
"1525945"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11112"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 5916-8GC-4SFP+",
"product_id": "CSAFPID-33113",
"product_identification_helper": {
"model_numbers": [
"1525942"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11113"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 5916-8GC-4SFP+",
"product_id": "CSAFPID-31113",
"product_identification_helper": {
"model_numbers": [
"1525942"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11113"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 5924SFP-4GC",
"product_id": "CSAFPID-33114",
"product_identification_helper": {
"model_numbers": [
"1525944"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11114"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 5924SFP-4GC",
"product_id": "CSAFPID-31114",
"product_identification_helper": {
"model_numbers": [
"1525944"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11114"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 5924-4SFP+",
"product_id": "CSAFPID-33115",
"product_identification_helper": {
"model_numbers": [
"1525939"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11115"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 5924-4SFP+",
"product_id": "CSAFPID-31115",
"product_identification_helper": {
"model_numbers": [
"1525939"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11115"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.57 installed on FL SWITCH 5916SFP-8GC-4SFP+",
"product_id": "CSAFPID-33116",
"product_identification_helper": {
"model_numbers": [
"1525943"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11116"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.57 installed on FL SWITCH 5916SFP-8GC-4SFP+",
"product_id": "CSAFPID-31116",
"product_identification_helper": {
"model_numbers": [
"1525943"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11116"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 1020",
"product_id": "CSAFPID-33117",
"product_identification_helper": {
"model_numbers": [
"2702992"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11117"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 1020",
"product_id": "CSAFPID-31117",
"product_identification_helper": {
"model_numbers": [
"2702992"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11117"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 1120",
"product_id": "CSAFPID-33118",
"product_identification_helper": {
"model_numbers": [
"1386091"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11118"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 1120",
"product_id": "CSAFPID-31118",
"product_identification_helper": {
"model_numbers": [
"1386091"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11118"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 1022",
"product_id": "CSAFPID-33119",
"product_identification_helper": {
"model_numbers": [
"1752493"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11119"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 1022",
"product_id": "CSAFPID-31119",
"product_identification_helper": {
"model_numbers": [
"1752493"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11119"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 1122",
"product_id": "CSAFPID-33120",
"product_identification_helper": {
"model_numbers": [
"1752496"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11120"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 1122",
"product_id": "CSAFPID-31120",
"product_identification_helper": {
"model_numbers": [
"1752496"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11120"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 1121",
"product_id": "CSAFPID-33121",
"product_identification_helper": {
"model_numbers": [
"1386092"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11121"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 1121",
"product_id": "CSAFPID-31121",
"product_identification_helper": {
"model_numbers": [
"1386092"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11121"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 1021",
"product_id": "CSAFPID-33122",
"product_identification_helper": {
"model_numbers": [
"2702993"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11122"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 1021",
"product_id": "CSAFPID-31122",
"product_identification_helper": {
"model_numbers": [
"2702993"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11122"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 2331",
"product_id": "CSAFPID-33123",
"product_identification_helper": {
"model_numbers": [
"1360276"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11123"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 2331",
"product_id": "CSAFPID-31123",
"product_identification_helper": {
"model_numbers": [
"1360276"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11123"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 2341",
"product_id": "CSAFPID-33124",
"product_identification_helper": {
"model_numbers": [
"1510249"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11124"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 2341",
"product_id": "CSAFPID-31124",
"product_identification_helper": {
"model_numbers": [
"1510249"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11124"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 2330",
"product_id": "CSAFPID-33125",
"product_identification_helper": {
"model_numbers": [
"1360275"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11125"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 2330",
"product_id": "CSAFPID-31125",
"product_identification_helper": {
"model_numbers": [
"1360275"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11125"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 26.06.00 installed on FL WLAN 2340",
"product_id": "CSAFPID-33126",
"product_identification_helper": {
"model_numbers": [
"1510147"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11126"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c26.06.00 installed on FL WLAN 2340",
"product_id": "CSAFPID-31126",
"product_identification_helper": {
"model_numbers": [
"1510147"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11126"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 3002T-4G",
"product_id": "CSAFPID-32127",
"product_identification_helper": {
"model_numbers": [
"2702528"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11127"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 3002T-4G",
"product_id": "CSAFPID-31127",
"product_identification_helper": {
"model_numbers": [
"2702528"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11127"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 3002T-4G GL",
"product_id": "CSAFPID-32128",
"product_identification_helper": {
"model_numbers": [
"1632697"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11128"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 3002T-4G GL",
"product_id": "CSAFPID-31128",
"product_identification_helper": {
"model_numbers": [
"1632697"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11128"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.6.24 installed on TC ROUTER 5004T-5G EU",
"product_id": "CSAFPID-32129",
"product_identification_helper": {
"model_numbers": [
"1439475"
]
}
},
"product_reference": "CSAFPID-22013",
"relates_to_product_reference": "CSAFPID-11129"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.6.24 installed on TC ROUTER 5004T-5G EU",
"product_id": "CSAFPID-31129",
"product_identification_helper": {
"model_numbers": [
"1439475"
]
}
},
"product_reference": "CSAFPID-21013",
"relates_to_product_reference": "CSAFPID-11129"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.7.8 installed on CLOUD CLIENT 1101T-TX/TX",
"product_id": "CSAFPID-32130",
"product_identification_helper": {
"model_numbers": [
"1221706"
]
}
},
"product_reference": "CSAFPID-22014",
"relates_to_product_reference": "CSAFPID-11130"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.7.8 installed on CLOUD CLIENT 1101T-TX/TX",
"product_id": "CSAFPID-31130",
"product_identification_helper": {
"model_numbers": [
"1221706"
]
}
},
"product_reference": "CSAFPID-21014",
"relates_to_product_reference": "CSAFPID-11130"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.7.8 installed on TC CLOUD CLIENT 1002-TX/TX",
"product_id": "CSAFPID-32131",
"product_identification_helper": {
"model_numbers": [
"2702885"
]
}
},
"product_reference": "CSAFPID-22014",
"relates_to_product_reference": "CSAFPID-11131"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.7.8 installed on TC CLOUD CLIENT 1002-TX/TX",
"product_id": "CSAFPID-31131",
"product_identification_helper": {
"model_numbers": [
"2702885"
]
}
},
"product_reference": "CSAFPID-21014",
"relates_to_product_reference": "CSAFPID-11131"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC CLOUD CLIENT 1002-4G",
"product_id": "CSAFPID-32132",
"product_identification_helper": {
"model_numbers": [
"2702886"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11132"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC CLOUD CLIENT 1002-4G",
"product_id": "CSAFPID-31132",
"product_identification_helper": {
"model_numbers": [
"2702886"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11132"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC CLOUD CLIENT 1002-4G VZW",
"product_id": "CSAFPID-32133",
"product_identification_helper": {
"model_numbers": [
"2702887"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11133"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC CLOUD CLIENT 1002-4G VZW",
"product_id": "CSAFPID-31133",
"product_identification_helper": {
"model_numbers": [
"2702887"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11133"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC CLOUD CLIENT 1002-4G ATT",
"product_id": "CSAFPID-32134",
"product_identification_helper": {
"model_numbers": [
"2702888"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11134"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC CLOUD CLIENT 1002-4G ATT",
"product_id": "CSAFPID-31134",
"product_identification_helper": {
"model_numbers": [
"2702888"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11134"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 2002T-4G",
"product_id": "CSAFPID-32135",
"product_identification_helper": {
"model_numbers": [
"2702530"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11135"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 2002T-4G",
"product_id": "CSAFPID-31135",
"product_identification_helper": {
"model_numbers": [
"2702530"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11135"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 3002T-3G",
"product_id": "CSAFPID-32136",
"product_identification_helper": {
"model_numbers": [
"2702529"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11136"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 3002T-3G",
"product_id": "CSAFPID-31136",
"product_identification_helper": {
"model_numbers": [
"2702529"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11136"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 2002T-3G",
"product_id": "CSAFPID-32137",
"product_identification_helper": {
"model_numbers": [
"2702531"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11137"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 2002T-3G",
"product_id": "CSAFPID-31137",
"product_identification_helper": {
"model_numbers": [
"2702531"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11137"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 3002T-4G VZW",
"product_id": "CSAFPID-32138",
"product_identification_helper": {
"model_numbers": [
"2702532"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11138"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 3002T-4G VZW",
"product_id": "CSAFPID-31138",
"product_identification_helper": {
"model_numbers": [
"2702532"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11138"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.8.9 installed on TC ROUTER 3002T-4G ATT",
"product_id": "CSAFPID-32139",
"product_identification_helper": {
"model_numbers": [
"2702533"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11139"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.8.9 installed on TC ROUTER 3002T-4G ATT",
"product_id": "CSAFPID-31139",
"product_identification_helper": {
"model_numbers": [
"2702533"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11139"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 5.0.72.102 installed on TC ROUTER 4002T-4G EU",
"product_id": "CSAFPID-33140",
"product_identification_helper": {
"model_numbers": [
"1234352"
]
}
},
"product_reference": "CSAFPID-22015",
"relates_to_product_reference": "CSAFPID-11140"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c5.0.72.102 installed on TC ROUTER 4002T-4G EU",
"product_id": "CSAFPID-31140",
"product_identification_helper": {
"model_numbers": [
"1234352"
]
}
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-11140"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 5.0.72.102 installed on TC ROUTER 4102T-4G EU WLAN",
"product_id": "CSAFPID-33141",
"product_identification_helper": {
"model_numbers": [
"1234353"
]
}
},
"product_reference": "CSAFPID-22015",
"relates_to_product_reference": "CSAFPID-11141"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c5.0.72.102 installed on TC ROUTER 4102T-4G EU WLAN",
"product_id": "CSAFPID-31141",
"product_identification_helper": {
"model_numbers": [
"1234353"
]
}
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-11141"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 5.0.72.102 installed on TC ROUTER 4202T-4G EU WLAN",
"product_id": "CSAFPID-33142",
"product_identification_helper": {
"model_numbers": [
"1234354"
]
}
},
"product_reference": "CSAFPID-22015",
"relates_to_product_reference": "CSAFPID-11142"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c5.0.72.102 installed on TC ROUTER 4202T-4G EU WLAN",
"product_id": "CSAFPID-31142",
"product_identification_helper": {
"model_numbers": [
"1234354"
]
}
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-11142"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 5.0.71.101 installed on FL TIMESERVER NTP",
"product_id": "CSAFPID-33143",
"product_identification_helper": {
"model_numbers": [
"1107132"
]
}
},
"product_reference": "CSAFPID-22016",
"relates_to_product_reference": "CSAFPID-11143"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c5.0.71.101 installed on FL TIMESERVER NTP",
"product_id": "CSAFPID-31143",
"product_identification_helper": {
"model_numbers": [
"1107132"
]
}
},
"product_reference": "CSAFPID-21016",
"relates_to_product_reference": "CSAFPID-11143"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2025.6.3 installed on CELLULINK 2401-4G EU M25",
"product_id": "CSAFPID-32144",
"product_identification_helper": {
"model_numbers": [
"1503433"
]
}
},
"product_reference": "CSAFPID-22017",
"relates_to_product_reference": "CSAFPID-11144"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2025.6.3 installed on CELLULINK 2401-4G EU M25",
"product_id": "CSAFPID-31144",
"product_identification_helper": {
"model_numbers": [
"1503433"
]
}
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-11144"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2025.6.3 installed on CELLULINK 2401-4G EU M40",
"product_id": "CSAFPID-32145",
"product_identification_helper": {
"model_numbers": [
"1503487"
]
}
},
"product_reference": "CSAFPID-22017",
"relates_to_product_reference": "CSAFPID-11145"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2025.6.3 installed on CELLULINK 2401-4G EU M40",
"product_id": "CSAFPID-31145",
"product_identification_helper": {
"model_numbers": [
"1503487"
]
}
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-11145"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2025.6.3 installed on CELLULINK 4401-4G GL M25",
"product_id": "CSAFPID-32146",
"product_identification_helper": {
"model_numbers": [
"1637527"
]
}
},
"product_reference": "CSAFPID-22017",
"relates_to_product_reference": "CSAFPID-11146"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2025.6.3 installed on CELLULINK 4401-4G GL M25",
"product_id": "CSAFPID-31146",
"product_identification_helper": {
"model_numbers": [
"1637527"
]
}
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-11146"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2025.6.3 installed on CELLULINK 4401-4G GL M40",
"product_id": "CSAFPID-32147",
"product_identification_helper": {
"model_numbers": [
"1637627"
]
}
},
"product_reference": "CSAFPID-22017",
"relates_to_product_reference": "CSAFPID-11147"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2025.6.3 installed on CELLULINK 4401-4G GL M40",
"product_id": "CSAFPID-31147",
"product_identification_helper": {
"model_numbers": [
"1637627"
]
}
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-11147"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE Description"
},
{
"audience": "all",
"category": "details",
"text": "PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.",
"title": "CVE Details"
},
{
"audience": "operational management and system administrators",
"category": "details",
"text": "The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.",
"title": "CVE Impact"
},
{
"audience": "Operational management and system administrators",
"category": "details",
"text": "This vulnerability can be used to upload a malicious firmware image from an untrusted source. In the device context, there are two deviations from the original CVSS assessment. An attacker must trick the authenticated user into uploading malicious firmware without checking the SHA256 checksum (UI:R). The firmware upload function is only available to users with high privileges (PR:H).",
"title": "CVE Characterisation"
}
],
"product_status": {
"first_affected": [
"CSAFPID-51001"
],
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32013",
"CSAFPID-32017",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32127",
"CSAFPID-32128",
"CSAFPID-32129",
"CSAFPID-32130",
"CSAFPID-32131",
"CSAFPID-32132",
"CSAFPID-32133",
"CSAFPID-32134",
"CSAFPID-32135",
"CSAFPID-32136",
"CSAFPID-32137",
"CSAFPID-32138",
"CSAFPID-32139",
"CSAFPID-32144",
"CSAFPID-32145",
"CSAFPID-32146",
"CSAFPID-32147",
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31013",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052",
"CSAFPID-31053",
"CSAFPID-31054",
"CSAFPID-31055",
"CSAFPID-31056",
"CSAFPID-31057",
"CSAFPID-31058",
"CSAFPID-31059",
"CSAFPID-31060",
"CSAFPID-31061",
"CSAFPID-31062",
"CSAFPID-31063",
"CSAFPID-31064",
"CSAFPID-31065",
"CSAFPID-31066",
"CSAFPID-31067",
"CSAFPID-31068",
"CSAFPID-31069",
"CSAFPID-31070",
"CSAFPID-31071",
"CSAFPID-31072",
"CSAFPID-31073",
"CSAFPID-31074",
"CSAFPID-31075",
"CSAFPID-31076",
"CSAFPID-31077",
"CSAFPID-31078",
"CSAFPID-31079",
"CSAFPID-31080",
"CSAFPID-31081",
"CSAFPID-31082",
"CSAFPID-31083",
"CSAFPID-31084",
"CSAFPID-31085",
"CSAFPID-31086",
"CSAFPID-31087",
"CSAFPID-31088",
"CSAFPID-31089",
"CSAFPID-31090",
"CSAFPID-31091",
"CSAFPID-31092",
"CSAFPID-31093",
"CSAFPID-31094",
"CSAFPID-31095",
"CSAFPID-31096",
"CSAFPID-31097",
"CSAFPID-31098",
"CSAFPID-31099",
"CSAFPID-31100",
"CSAFPID-31101",
"CSAFPID-31102",
"CSAFPID-31103",
"CSAFPID-31104",
"CSAFPID-31105",
"CSAFPID-31106",
"CSAFPID-31107",
"CSAFPID-31108",
"CSAFPID-31109",
"CSAFPID-31110",
"CSAFPID-31111",
"CSAFPID-31112",
"CSAFPID-31113",
"CSAFPID-31114",
"CSAFPID-31115",
"CSAFPID-31116",
"CSAFPID-31117",
"CSAFPID-31118",
"CSAFPID-31119",
"CSAFPID-31120",
"CSAFPID-31121",
"CSAFPID-31122",
"CSAFPID-31123",
"CSAFPID-31124",
"CSAFPID-31125",
"CSAFPID-31126",
"CSAFPID-31127",
"CSAFPID-31128",
"CSAFPID-31129",
"CSAFPID-31130",
"CSAFPID-31131",
"CSAFPID-31132",
"CSAFPID-31133",
"CSAFPID-31134",
"CSAFPID-31135",
"CSAFPID-31136",
"CSAFPID-31137",
"CSAFPID-31138",
"CSAFPID-31139",
"CSAFPID-31140",
"CSAFPID-31141",
"CSAFPID-31142",
"CSAFPID-31143",
"CSAFPID-31144",
"CSAFPID-31145",
"CSAFPID-31146",
"CSAFPID-31147",
"CSAFPID-51001",
"CSAFPID-51002"
],
"last_affected": [
"CSAFPID-51002"
],
"under_investigation": [
"CSAFPID-33018",
"CSAFPID-33019",
"CSAFPID-33020",
"CSAFPID-33021",
"CSAFPID-33022",
"CSAFPID-33023",
"CSAFPID-33024",
"CSAFPID-33025",
"CSAFPID-33040",
"CSAFPID-33041",
"CSAFPID-33042",
"CSAFPID-33043",
"CSAFPID-33044",
"CSAFPID-33045",
"CSAFPID-33046",
"CSAFPID-33047",
"CSAFPID-33048",
"CSAFPID-33049",
"CSAFPID-33050",
"CSAFPID-33051",
"CSAFPID-33052",
"CSAFPID-33053",
"CSAFPID-33054",
"CSAFPID-33055",
"CSAFPID-33056",
"CSAFPID-33057",
"CSAFPID-33058",
"CSAFPID-33059",
"CSAFPID-33060",
"CSAFPID-33061",
"CSAFPID-33062",
"CSAFPID-33063",
"CSAFPID-33064",
"CSAFPID-33065",
"CSAFPID-33066",
"CSAFPID-33067",
"CSAFPID-33068",
"CSAFPID-33069",
"CSAFPID-33070",
"CSAFPID-33071",
"CSAFPID-33072",
"CSAFPID-33073",
"CSAFPID-33074",
"CSAFPID-33075",
"CSAFPID-33076",
"CSAFPID-33077",
"CSAFPID-33078",
"CSAFPID-33079",
"CSAFPID-33080",
"CSAFPID-33081",
"CSAFPID-33082",
"CSAFPID-33083",
"CSAFPID-33084",
"CSAFPID-33085",
"CSAFPID-33086",
"CSAFPID-33087",
"CSAFPID-33088",
"CSAFPID-33089",
"CSAFPID-33090",
"CSAFPID-33091",
"CSAFPID-33092",
"CSAFPID-33093",
"CSAFPID-33094",
"CSAFPID-33095",
"CSAFPID-33096",
"CSAFPID-33097",
"CSAFPID-33098",
"CSAFPID-33099",
"CSAFPID-33100",
"CSAFPID-33101",
"CSAFPID-33102",
"CSAFPID-33103",
"CSAFPID-33104",
"CSAFPID-33105",
"CSAFPID-33106",
"CSAFPID-33107",
"CSAFPID-33108",
"CSAFPID-33109",
"CSAFPID-33110",
"CSAFPID-33111",
"CSAFPID-33112",
"CSAFPID-33113",
"CSAFPID-33114",
"CSAFPID-33115",
"CSAFPID-33116",
"CSAFPID-33117",
"CSAFPID-33118",
"CSAFPID-33119",
"CSAFPID-33120",
"CSAFPID-33121",
"CSAFPID-33122",
"CSAFPID-33123",
"CSAFPID-33124",
"CSAFPID-33125",
"CSAFPID-33126",
"CSAFPID-33140",
"CSAFPID-33141",
"CSAFPID-33142",
"CSAFPID-33143"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact strongly recommends to upload firmware only from trusted source and to thorougly check the SHA256 checksum of the firmware image to be uploaded.",
"group_ids": [
"CSAFGID-0001"
],
"restart_required": {
"category": "none"
}
},
{
"category": "vendor_fix",
"date": "2026-04-22T08:00:00.000Z",
"details": "Phoenix Contact strongly recommends to upgrade the fixed firmware.",
"group_ids": [
"CSAFGID-0002"
],
"restart_required": {
"category": "system"
}
},
{
"category": "none_available",
"date": "2026-04-22T08:00:00.000Z",
"details": "Phoenix Contact strongly recommends to upgrade the fixed firmware as soon as it gets avaliable.",
"group_ids": [
"CSAFGID-0003"
],
"restart_required": {
"category": "system"
}
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31013",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032",
"CSAFPID-31033",
"CSAFPID-31034",
"CSAFPID-31035",
"CSAFPID-31036",
"CSAFPID-31037",
"CSAFPID-31038",
"CSAFPID-31039",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052",
"CSAFPID-31053",
"CSAFPID-31054",
"CSAFPID-31055",
"CSAFPID-31056",
"CSAFPID-31057",
"CSAFPID-31058",
"CSAFPID-31059",
"CSAFPID-31060",
"CSAFPID-31061",
"CSAFPID-31062",
"CSAFPID-31063",
"CSAFPID-31064",
"CSAFPID-31065",
"CSAFPID-31066",
"CSAFPID-31067",
"CSAFPID-31068",
"CSAFPID-31069",
"CSAFPID-31070",
"CSAFPID-31071",
"CSAFPID-31072",
"CSAFPID-31073",
"CSAFPID-31074",
"CSAFPID-31075",
"CSAFPID-31076",
"CSAFPID-31077",
"CSAFPID-31078",
"CSAFPID-31079",
"CSAFPID-31080",
"CSAFPID-31081",
"CSAFPID-31082",
"CSAFPID-31083",
"CSAFPID-31084",
"CSAFPID-31085",
"CSAFPID-31086",
"CSAFPID-31087",
"CSAFPID-31088",
"CSAFPID-31089",
"CSAFPID-31090",
"CSAFPID-31091",
"CSAFPID-31092",
"CSAFPID-31093",
"CSAFPID-31094",
"CSAFPID-31095",
"CSAFPID-31096",
"CSAFPID-31097",
"CSAFPID-31098",
"CSAFPID-31099",
"CSAFPID-31100",
"CSAFPID-31101",
"CSAFPID-31102",
"CSAFPID-31103",
"CSAFPID-31104",
"CSAFPID-31105",
"CSAFPID-31106",
"CSAFPID-31107",
"CSAFPID-31108",
"CSAFPID-31109",
"CSAFPID-31110",
"CSAFPID-31111",
"CSAFPID-31112",
"CSAFPID-31113",
"CSAFPID-31114",
"CSAFPID-31115",
"CSAFPID-31116",
"CSAFPID-31117",
"CSAFPID-31118",
"CSAFPID-31119",
"CSAFPID-31120",
"CSAFPID-31121",
"CSAFPID-31122",
"CSAFPID-31123",
"CSAFPID-31124",
"CSAFPID-31125",
"CSAFPID-31126",
"CSAFPID-31127",
"CSAFPID-31128",
"CSAFPID-31129",
"CSAFPID-31130",
"CSAFPID-31131",
"CSAFPID-31132",
"CSAFPID-31133",
"CSAFPID-31134",
"CSAFPID-31135",
"CSAFPID-31136",
"CSAFPID-31137",
"CSAFPID-31138",
"CSAFPID-31139",
"CSAFPID-31140",
"CSAFPID-31141",
"CSAFPID-31142",
"CSAFPID-31143",
"CSAFPID-31144",
"CSAFPID-31145",
"CSAFPID-31146",
"CSAFPID-31147"
]
}
],
"title": "OpenSSL CMS AEAD Stack Overflow Vulnerability"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.",
"title": "CVE Description"
},
{
"audience": "all",
"category": "details",
"text": "PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.",
"title": "CVE Details"
},
{
"audience": "operational management and system administrators",
"category": "details",
"text": "The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.",
"title": "CVE Impact"
},
{
"audience": "Operational management and system administrators",
"category": "details",
"text": "In the device context, there is one deviations from the original CVSS assessment. The attacker must be logged in with an high priviledged User (PR:H).",
"title": "CVE Characterisation"
}
],
"product_status": {
"first_affected": [
"CSAFPID-51001"
],
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32013",
"CSAFPID-32017",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32127",
"CSAFPID-32128",
"CSAFPID-32129",
"CSAFPID-32130",
"CSAFPID-32131",
"CSAFPID-32132",
"CSAFPID-32133",
"CSAFPID-32134",
"CSAFPID-32135",
"CSAFPID-32136",
"CSAFPID-32137",
"CSAFPID-32138",
"CSAFPID-32139",
"CSAFPID-32144",
"CSAFPID-32145",
"CSAFPID-32146",
"CSAFPID-32147",
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052",
"CSAFPID-31053",
"CSAFPID-31054",
"CSAFPID-31055",
"CSAFPID-31056",
"CSAFPID-31057",
"CSAFPID-31058",
"CSAFPID-31059",
"CSAFPID-31060",
"CSAFPID-31061",
"CSAFPID-31062",
"CSAFPID-31063",
"CSAFPID-31064",
"CSAFPID-31065",
"CSAFPID-31066",
"CSAFPID-31067",
"CSAFPID-31068",
"CSAFPID-31069",
"CSAFPID-31070",
"CSAFPID-31071",
"CSAFPID-31072",
"CSAFPID-31073",
"CSAFPID-31074",
"CSAFPID-31075",
"CSAFPID-31076",
"CSAFPID-31077",
"CSAFPID-31078",
"CSAFPID-31079",
"CSAFPID-31080",
"CSAFPID-31081",
"CSAFPID-31082",
"CSAFPID-31083",
"CSAFPID-31084",
"CSAFPID-31085",
"CSAFPID-31086",
"CSAFPID-31087",
"CSAFPID-31088",
"CSAFPID-31089",
"CSAFPID-31090",
"CSAFPID-31091",
"CSAFPID-31092",
"CSAFPID-31093",
"CSAFPID-31094",
"CSAFPID-31095",
"CSAFPID-31096",
"CSAFPID-31097",
"CSAFPID-31098",
"CSAFPID-31099",
"CSAFPID-31100",
"CSAFPID-31101",
"CSAFPID-31102",
"CSAFPID-31103",
"CSAFPID-31104",
"CSAFPID-31105",
"CSAFPID-31106",
"CSAFPID-31107",
"CSAFPID-31108",
"CSAFPID-31109",
"CSAFPID-31110",
"CSAFPID-31111",
"CSAFPID-31112",
"CSAFPID-31113",
"CSAFPID-31114",
"CSAFPID-31115",
"CSAFPID-31116",
"CSAFPID-31117",
"CSAFPID-31118",
"CSAFPID-31119",
"CSAFPID-31120",
"CSAFPID-31121",
"CSAFPID-31122",
"CSAFPID-31127",
"CSAFPID-31128",
"CSAFPID-31129",
"CSAFPID-31130",
"CSAFPID-31131",
"CSAFPID-31132",
"CSAFPID-31133",
"CSAFPID-31134",
"CSAFPID-31135",
"CSAFPID-31136",
"CSAFPID-31137",
"CSAFPID-31138",
"CSAFPID-31139",
"CSAFPID-31140",
"CSAFPID-31141",
"CSAFPID-31142",
"CSAFPID-31143",
"CSAFPID-51001",
"CSAFPID-51002"
],
"last_affected": [
"CSAFPID-51002"
],
"under_investigation": [
"CSAFPID-33018",
"CSAFPID-33019",
"CSAFPID-33020",
"CSAFPID-33021",
"CSAFPID-33022",
"CSAFPID-33023",
"CSAFPID-33024",
"CSAFPID-33025",
"CSAFPID-33040",
"CSAFPID-33041",
"CSAFPID-33042",
"CSAFPID-33043",
"CSAFPID-33044",
"CSAFPID-33045",
"CSAFPID-33046",
"CSAFPID-33047",
"CSAFPID-33048",
"CSAFPID-33049",
"CSAFPID-33050",
"CSAFPID-33051",
"CSAFPID-33052",
"CSAFPID-33053",
"CSAFPID-33054",
"CSAFPID-33055",
"CSAFPID-33056",
"CSAFPID-33057",
"CSAFPID-33058",
"CSAFPID-33059",
"CSAFPID-33060",
"CSAFPID-33061",
"CSAFPID-33062",
"CSAFPID-33063",
"CSAFPID-33064",
"CSAFPID-33065",
"CSAFPID-33066",
"CSAFPID-33067",
"CSAFPID-33068",
"CSAFPID-33069",
"CSAFPID-33070",
"CSAFPID-33071",
"CSAFPID-33072",
"CSAFPID-33073",
"CSAFPID-33074",
"CSAFPID-33075",
"CSAFPID-33076",
"CSAFPID-33077",
"CSAFPID-33078",
"CSAFPID-33079",
"CSAFPID-33080",
"CSAFPID-33081",
"CSAFPID-33082",
"CSAFPID-33083",
"CSAFPID-33084",
"CSAFPID-33085",
"CSAFPID-33086",
"CSAFPID-33087",
"CSAFPID-33088",
"CSAFPID-33089",
"CSAFPID-33090",
"CSAFPID-33091",
"CSAFPID-33092",
"CSAFPID-33093",
"CSAFPID-33094",
"CSAFPID-33095",
"CSAFPID-33096",
"CSAFPID-33097",
"CSAFPID-33098",
"CSAFPID-33099",
"CSAFPID-33100",
"CSAFPID-33101",
"CSAFPID-33102",
"CSAFPID-33103",
"CSAFPID-33104",
"CSAFPID-33105",
"CSAFPID-33106",
"CSAFPID-33107",
"CSAFPID-33108",
"CSAFPID-33109",
"CSAFPID-33110",
"CSAFPID-33111",
"CSAFPID-33112",
"CSAFPID-33113",
"CSAFPID-33114",
"CSAFPID-33115",
"CSAFPID-33116",
"CSAFPID-33117",
"CSAFPID-33118",
"CSAFPID-33119",
"CSAFPID-33120",
"CSAFPID-33121",
"CSAFPID-33122",
"CSAFPID-33123",
"CSAFPID-33124",
"CSAFPID-33125",
"CSAFPID-33126",
"CSAFPID-33140",
"CSAFPID-33141",
"CSAFPID-33142",
"CSAFPID-33143"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact strongly recommends to upload firmware only from trusted source and to thorougly check the SHA256 checksum of the firmware image to be uploaded.",
"group_ids": [
"CSAFGID-0001"
],
"restart_required": {
"category": "none"
}
},
{
"category": "vendor_fix",
"date": "2026-04-22T08:00:00.000Z",
"details": "Phoenix Contact strongly recommends to upgrade the fixed firmware.",
"group_ids": [
"CSAFGID-0002"
],
"restart_required": {
"category": "system"
}
},
{
"category": "none_available",
"date": "2026-04-22T08:00:00.000Z",
"details": "Phoenix Contact strongly recommends to upgrade the fixed firmware as soon as it gets avaliable. ",
"group_ids": [
"CSAFGID-0003"
],
"restart_required": {
"category": "system"
}
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31040",
"CSAFPID-31041",
"CSAFPID-31042",
"CSAFPID-31043",
"CSAFPID-31044",
"CSAFPID-31045",
"CSAFPID-31046",
"CSAFPID-31047",
"CSAFPID-31048",
"CSAFPID-31049",
"CSAFPID-31050",
"CSAFPID-31051",
"CSAFPID-31052",
"CSAFPID-31053",
"CSAFPID-31054",
"CSAFPID-31055",
"CSAFPID-31056",
"CSAFPID-31057",
"CSAFPID-31058",
"CSAFPID-31059",
"CSAFPID-31060",
"CSAFPID-31061",
"CSAFPID-31062",
"CSAFPID-31063",
"CSAFPID-31064",
"CSAFPID-31065",
"CSAFPID-31066",
"CSAFPID-31067",
"CSAFPID-31068",
"CSAFPID-31069",
"CSAFPID-31070",
"CSAFPID-31071",
"CSAFPID-31072",
"CSAFPID-31073",
"CSAFPID-31074",
"CSAFPID-31075",
"CSAFPID-31076",
"CSAFPID-31077",
"CSAFPID-31078",
"CSAFPID-31079",
"CSAFPID-31080",
"CSAFPID-31081",
"CSAFPID-31082",
"CSAFPID-31083",
"CSAFPID-31084",
"CSAFPID-31085",
"CSAFPID-31086",
"CSAFPID-31087",
"CSAFPID-31088",
"CSAFPID-31089",
"CSAFPID-31090",
"CSAFPID-31091",
"CSAFPID-31092",
"CSAFPID-31093",
"CSAFPID-31094",
"CSAFPID-31095",
"CSAFPID-31096",
"CSAFPID-31097",
"CSAFPID-31098",
"CSAFPID-31099",
"CSAFPID-31100",
"CSAFPID-31101",
"CSAFPID-31102",
"CSAFPID-31103",
"CSAFPID-31104",
"CSAFPID-31105",
"CSAFPID-31106",
"CSAFPID-31107",
"CSAFPID-31108",
"CSAFPID-31109",
"CSAFPID-31110",
"CSAFPID-31111",
"CSAFPID-31112",
"CSAFPID-31113",
"CSAFPID-31114",
"CSAFPID-31115",
"CSAFPID-31116",
"CSAFPID-31117",
"CSAFPID-31118",
"CSAFPID-31119",
"CSAFPID-31120",
"CSAFPID-31121",
"CSAFPID-31122",
"CSAFPID-31127",
"CSAFPID-31128",
"CSAFPID-31129",
"CSAFPID-31130",
"CSAFPID-31131",
"CSAFPID-31132",
"CSAFPID-31133",
"CSAFPID-31134",
"CSAFPID-31135",
"CSAFPID-31136",
"CSAFPID-31137",
"CSAFPID-31138",
"CSAFPID-31139",
"CSAFPID-31140",
"CSAFPID-31141",
"CSAFPID-31142",
"CSAFPID-31143"
]
}
],
"title": "OpenSSL Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 can trigger a one byte write before the allocated buffer."
}
]
}
VDE-2026-029
Vulnerability from csaf_mettlertoledogmbh - Published: 2026-04-23 10:00 - Updated: 2026-04-23 10:00Summary
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances
Severity
Medium
Notes
Summary: MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
Impact: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.
Remediation: Update MX/MR firmware to version 2.1.0
Disclaimer: Your use of the information on this document or materials linked from this document is at your own risk. METTLER TOLEDO makes reasonable efforts to ensure the accuracy of the information but does not grant any warranty, express or implied, including warranties of merchantability or fitness for a particular purpose. To the extent permitted by applicable law, METTLER TOLEDO excludes liability for any loss, claim, expense or damage arising from or related to the statements in this document. METTLER TOLEDO reserves the right to change or update this document at any time.
Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Vulnerability potentially exploitable with manipulated SW upgrade package on USB memory. The vulnerability is fixed in openssl debian package 3.0.18-1~deb12u2. In the device context, there are deviations from the original CVSS assessment. Attack vector is set to 'local' because firmware upgrades are only possible though an attached USB memory, not through the network.
8.8 (High)
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32000 | — | ||
| Unresolved product id: CSAFPID-32001 | — | ||
|
openssl 3.0.18-1~deb12u2
Debian Project
|
pkg:deb/debian/openssl@3.0.18-1~deb12u2
|
3.0.18-1~deb12u2 |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31000 | — |
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31001 | — |
Vendor Fix
|
|
|
openssl 3.0.18-1~deb12u1
Debian Project
|
pkg:deb/debian/openssl@3.0.18-1~deb12u1
|
3.0.18-1~deb12u1 |
Vendor Fix
|
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32000 | — | ||
| Unresolved product id: CSAFPID-32001 | — | ||
|
openssl 3.0.18-1~deb12u2
Debian Project
|
pkg:deb/debian/openssl@3.0.18-1~deb12u2
|
3.0.18-1~deb12u2 |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.",
"title": "Summary"
},
{
"category": "description",
"text": "A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.",
"title": "Impact"
},
{
"category": "description",
"text": "Update MX/MR firmware to version 2.1.0",
"title": "Remediation"
},
{
"category": "legal_disclaimer",
"text": "Your use of the information on this document or materials linked from this document is at your own risk. METTLER TOLEDO makes reasonable efforts to ensure the accuracy of the information but does not grant any warranty, express or implied, including warranties of merchantability or fitness for a particular purpose. To the extent permitted by applicable law, METTLER TOLEDO excludes liability for any loss, claim, expense or damage arising from or related to the statements in this document. METTLER TOLEDO reserves the right to change or update this document at any time.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@mt.com",
"name": "Mettler-Toledo GmbH",
"namespace": "https://www.mt.com"
},
"references": [
{
"category": "external",
"summary": "Product security website of METTLER TOLEDO",
"url": "https://www.mt.com/ph/en/home/site_content/product-security.html"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for METTLER TOLEDO",
"url": "https://certvde.com/en/advisories/vendor/mettler-toledo/"
},
{
"category": "self",
"summary": "VDE-2026-029: METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-029/"
},
{
"category": "self",
"summary": "VDE-2026-029: METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances - CSAF",
"url": "https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-029.json"
}
],
"title": "METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances",
"tracking": {
"aliases": [
"VDE-2026-029"
],
"current_release_date": "2026-04-23T10:00:00.000Z",
"generator": {
"date": "2026-04-23T10:41:48.109Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-029",
"initial_release_date": "2026-04-23T10:00:00.000Z",
"revision_history": [
{
"date": "2026-04-23T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MX balance",
"product": {
"name": "MX balance",
"product_id": "CSAFPID-11000",
"product_identification_helper": {
"cpe": "cpe:2.3:h:mettler_toledo:mx_balance:*:*:*:*:*:*:*:*",
"model_numbers": [
"MX*"
]
}
}
},
{
"category": "product_name",
"name": "MR balance",
"product": {
"name": "MR balance",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:mettler_toledo:mr_balance:*:*:*:*:*:*:*:*",
"model_numbers": [
"MR*"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version",
"name": "2.1.0",
"product": {
"name": "Firmware V2.1.0",
"product_id": "CSAFPID-22000"
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.1.0",
"product": {
"name": "Firmware \u003c2.1.0",
"product_id": "CSAFPID-21000"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "METTLER TOLEDO"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.18-1~deb12u1",
"product": {
"name": "openssl 3.0.18-1~deb12u1",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u1"
}
}
},
{
"category": "product_version",
"name": "3.0.18-1~deb12u2",
"product": {
"name": "openssl 3.0.18-1~deb12u2",
"product_id": "CSAFPID-52002",
"product_identification_helper": {
"purl": "pkg:deb/debian/openssl@3.0.18-1~deb12u2"
}
}
}
],
"category": "service_pack",
"name": "openssl debian package"
}
],
"category": "vendor",
"name": "Debian Project"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on MX balance",
"product_id": "CSAFPID-31000"
},
"product_reference": "CSAFPID-21000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_with",
"full_product_name": {
"name": "Firmware \u003c2.1.0 installed on MR balance",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21000",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V2.1.0 installed on MX balance",
"product_id": "CSAFPID-32000",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mettler_toledo:mx_balance_firmware:2.1.0:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-22000",
"relates_to_product_reference": "CSAFPID-11000"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V2.1.0 installed on MR balance",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mettler_toledo:mr_balance_firmware:2.1.0:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-22000",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "CVE Description"
},
{
"audience": "operational management and system administrators",
"category": "description",
"text": "Vulnerability potentially exploitable with manipulated SW upgrade package on USB memory.\nThe vulnerability is fixed in openssl debian package 3.0.18-1~deb12u2.\n\nIn the device context, there are deviations from the original CVSS assessment. Attack vector is set to \u0027local\u0027 because firmware upgrades are only possible though an attached USB memory, not through the network.",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32000",
"CSAFPID-32001",
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-31000",
"CSAFPID-31001",
"CSAFPID-51002"
],
"recommended": [
"CSAFPID-32000",
"CSAFPID-32001",
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update MX Firmware to version 2.1.0",
"product_ids": [
"CSAFPID-31000"
]
},
{
"category": "vendor_fix",
"details": "Update MR Firmware to version 2.1.0",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Vulnerable debian openssl package shall be updated to openssl package version \t3.0.18-1~deb12u2 ",
"product_ids": [
"CSAFPID-51002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51002"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31000",
"CSAFPID-31001"
]
}
],
"title": "OpenSSL vulnerability affecting SW upgrade packages"
}
]
}
VDE-2026-064
Vulnerability from csaf_mettlertoledogmbh - Published: 2026-06-09 10:00 - Updated: 2026-06-09 10:00Summary
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3
Notes
Summary: Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
Notice: LabX Standard was formerly known as LabX Cloud Local.
Impact: The identified vulnerabilities may expose the system to risks such as denial‑of‑service attacks, authentication bypass, authorization weaknesses, and potential remote code execution.
Remediation: For Vulnerabilities CVE-2023-29331, CVE-2024-0056, CVE-2021-24112, CVE-2023-36414, CVE-2024-43483, CVE-2026-24737, CVE-2025-46817, CVE-2026-22036, CVE-2025-68154, CVE-2026-2391, CVE-2026-26130, CVE-2026-26127, CVE-2026-21218, CVE-2025-68121, CVE-2025-15281, CVE-2018-15727, CVE-2025-9230 update all LabX Standard installations to 21.4.23 to address and resolve the vulnerabilities.
Disclaimer: Your use of the information on this document or materials linked from this document is at your own risk. METTLER TOLEDO makes reasonable efforts to ensure the accuracy of the information but does not grant any warranty, express or implied, including warranties of merchantability or fitness for a particular purpose. To the extent permitted by applicable law, METTLER TOLEDO excludes liability for any loss, claim, expense or damage arising from or related to the statements in this document. METTLER TOLEDO reserves the right to change or update this document at any time.
.NET Framework, and Visual Studio Denial of Service Vulnerability
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
8.7 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
.NET Core Remote Code Execution Vulnerability
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Azure Identity SDK Remote Code Execution Vulnerability
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
CWE-190 - Integer Overflow or WraparoundAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284). ### Details When the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
10 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.3.22
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*
|
21.3.22 |
Vendor Fix
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
LabX Standard 21.4.23
METTLER TOLEDO / Software / LabX Standard
|
cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*
|
21.4.23 |
None Available
|
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.\n\nNotice: LabX Standard was formerly known as LabX Cloud Local.",
"title": "Summary"
},
{
"category": "description",
"text": "The identified vulnerabilities may expose the system to risks such as denial\u2011of\u2011service attacks, authentication bypass, authorization weaknesses, and potential remote code execution.",
"title": "Impact"
},
{
"category": "description",
"text": "For Vulnerabilities CVE-2023-29331, CVE-2024-0056, CVE-2021-24112, CVE-2023-36414, CVE-2024-43483, CVE-2026-24737, CVE-2025-46817, CVE-2026-22036, CVE-2025-68154, CVE-2026-2391, CVE-2026-26130, CVE-2026-26127, CVE-2026-21218, CVE-2025-68121, CVE-2025-15281, CVE-2018-15727, CVE-2025-9230 update all LabX Standard installations to 21.4.23 to address and resolve the vulnerabilities.",
"title": "Remediation"
},
{
"category": "legal_disclaimer",
"text": "Your use of the information on this document or materials linked from this document is at your own risk. METTLER TOLEDO makes reasonable efforts to ensure the accuracy of the information but does not grant any warranty, express or implied, including warranties of merchantability or fitness for a particular purpose. To the extent permitted by applicable law, METTLER TOLEDO excludes liability for any loss, claim, expense or damage arising from or related to the statements in this document. METTLER TOLEDO reserves the right to change or update this document at any time.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@mt.com",
"name": "Mettler-Toledo GmbH",
"namespace": "https://www.mt.com"
},
"references": [
{
"category": "external",
"summary": "Product security website of METTLER TOLEDO",
"url": "https://www.mt.com/ph/en/home/site_content/product-security.html"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for METTLER TOLEDO",
"url": "https://certvde.com/en/advisories/vendor/mettler-toledo/"
},
{
"category": "self",
"summary": "VDE-2026-064: METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-064/"
},
{
"category": "self",
"summary": "VDE-2026-064: METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3 - CSAF",
"url": "https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-064.json"
}
],
"title": "METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3",
"tracking": {
"aliases": [
"VDE-2026-064"
],
"current_release_date": "2026-06-09T10:00:00.000Z",
"generator": {
"date": "2026-06-08T11:42:39.202Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-064",
"initial_release_date": "2026-06-09T10:00:00.000Z",
"revision_history": [
{
"date": "2026-06-09T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "21.3.22",
"product": {
"name": "LabX Standard 21.3.22",
"product_id": "CSAFPID-51000",
"product_identification_helper": {
"cpe": "cpe:2.3:a:mettler_toledo:labx_standard:21.3.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "21.4.23",
"product": {
"name": "LabX Standard 21.4.23",
"product_id": "CSAFPID-52002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:mettler_toledo:labx_standard:21.4.23:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "LabX Standard"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "METTLER TOLEDO"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29331",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": ".NET Framework, and Visual Studio Denial of Service Vulnerability",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.7,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
},
{
"cve": "CVE-2021-24112",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": ".NET Core Remote Code Execution Vulnerability",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": ".NET Core Remote Code Execution Vulnerability"
},
{
"cve": "CVE-2023-36414",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "Azure Identity SDK Remote Code Execution Vulnerability",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Azure Identity SDK Remote Code Execution Vulnerability"
},
{
"cve": "CVE-2024-43483",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "description",
"text": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
},
{
"cve": "CVE-2026-24737",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "description",
"text": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution"
},
{
"cve": "CVE-2025-46817",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Lua library commands may lead to integer overflow and potential RCE"
},
{
"cve": "CVE-2026-22036",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": " Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion"
},
{
"cve": "CVE-2025-68154",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Command Injection in fsSize() on Windows"
},
{
"cve": "CVE-2026-2391",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284). ### Details When the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `[\u0027a\u0027, \u0027b\u0027, \u0027c\u0027]`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "qs\u0027s arrayLimit bypass in comma parsing allows denial of service"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-52002"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "none_available",
"details": "This vulnerability will be fixed in the upcoming releases",
"product_ids": [
"CSAFPID-52002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-52002"
]
}
],
"title": "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion"
},
{
"cve": "CVE-2026-0915",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library\u0027s DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-52002"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "none_available",
"details": "This vulnerability will be fixed in the upcoming releases",
"product_ids": [
"CSAFPID-52002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-52002"
]
}
],
"title": "getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler"
},
{
"cve": "CVE-2026-26130",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "ASP.NET Core Denial of Service Vulnerability"
},
{
"cve": "CVE-2026-26127",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": ".NET Denial of Service Vulnerability"
},
{
"cve": "CVE-2026-21218",
"cwe": {
"id": "CWE-166",
"name": "Improper Handling of Missing Special Element"
},
"notes": [
{
"category": "description",
"text": "Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": ".NET Spoofing Vulnerability"
},
{
"cve": "CVE-2025-68121",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 10,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 10,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-15281",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory"
},
{
"cve": "CVE-2018-15727",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"title": "CVE Decription"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-52002"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "none_available",
"details": "This vulnerability will be fixed in the upcoming releases",
"product_ids": [
"CSAFPID-52002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-52002"
]
}
],
"title": "Stack buffer overflow in CMS (Auth)EnvelopedData parsing"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51000"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to LabX Standard v21.4.23",
"product_ids": [
"CSAFPID-51000"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51000"
]
}
],
"title": "Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "description",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-52002"
],
"recommended": [
"CSAFPID-52002"
]
},
"remediations": [
{
"category": "none_available",
"details": "This vulnerability will be fixed in the upcoming releases",
"product_ids": [
"CSAFPID-52002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-52002"
]
}
],
"title": "Quadratic complexity when checking name constraints in crypto/x509"
}
]
}
WID-SEC-W-2026-0234
Vulnerability from csaf_certbund - Published: 2026-01-27 23:00 - Updated: 2026-06-08 22:00Summary
OpenSSL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff: Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
Affected products
Known affected
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.16.57
Red Hat / OpenShift
|
Container Platform <4.16.57 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Splunk Splunk Enterprise <9.4.10
Splunk / Splunk Enterprise
|
<9.4.10 | ||
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Splunk Splunk Enterprise <9.3.11
Splunk / Splunk Enterprise
|
<9.3.11 | ||
|
Splunk Splunk Enterprise <10.2.2
Splunk / Splunk Enterprise
|
<10.2.2 | ||
|
Splunk Splunk Enterprise <10.0.5
Splunk / Splunk Enterprise
|
<10.0.5 | ||
|
IBM AIX <7.3
IBM / AIX
|
<7.3 | ||
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Insyde UEFI Firmware <05.72.07
Insyde / UEFI Firmware
|
<05.72.07 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM InfoSphere Information Server 11.7.0.0-11.7.1.6
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6
|
11.7.0.0-11.7.1.6 | |
|
Open Source OpenSSL <3.5.5
Open Source / OpenSSL
|
<3.5.5 | ||
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Open Source OpenSSL <3.6.1
Open Source / OpenSSL
|
<3.6.1 | ||
|
Dell integrated Dell Remote Access Controller 10 <1.30.10.50
Dell / integrated Dell Remote Access Controller
|
10 <1.30.10.50 | ||
|
Open Source Camunda 7
Open Source / Camunda
|
cpe:/a:camunda:camunda:7
|
7 | |
|
IBM AIX <7.2
IBM / AIX
|
<7.2 | ||
|
Dell integrated Dell Remote Access Controller 9 <7.30.10.50
Dell / integrated Dell Remote Access Controller
|
9 <7.30.10.50 | ||
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell integrated Dell Remote Access Controller 9 <7.00.00.184
Dell / integrated Dell Remote Access Controller
|
9 <7.00.00.184 | ||
|
IBM VIOS <3.1
IBM / VIOS
|
<3.1 | ||
|
IBM DataPower Gateway
IBM
|
cpe:/a:ibm:datapower_gateway:-
|
— | |
|
IBM VIOS <4.1
IBM / VIOS
|
<4.1 | ||
|
Open Source OpenSSL <1.0.2zn
Open Source / OpenSSL
|
<1.0.2zn | ||
|
Insyde UEFI Firmware <05.63.07
Insyde / UEFI Firmware
|
<05.63.07 | ||
|
Fortinet FortiPortal <7.4.9
Fortinet / FortiPortal
|
<7.4.9 | ||
|
Insyde UEFI Firmware <05.48.07
Insyde / UEFI Firmware
|
<05.48.07 | ||
|
Insyde UEFI Firmware <05.56.07
Insyde / UEFI Firmware
|
<05.56.07 | ||
|
Open Source OpenSSL <3.3.6
Open Source / OpenSSL
|
<3.3.6 | ||
|
Open Source OpenSSL <3.4.4
Open Source / OpenSSL
|
<3.4.4 | ||
|
Red Hat OpenShift Container Platform <4.16.59
Red Hat / OpenShift
|
Container Platform <4.16.59 | ||
|
Insyde UEFI Firmware <05.3A.07
Insyde / UEFI Firmware
|
<05.3A.07 | ||
|
Open Source OpenSSL <1.1.1ze
Open Source / OpenSSL
|
<1.1.1ze | ||
|
Open Source OpenSSL <3.0.19
Open Source / OpenSSL
|
<3.0.19 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Phoenix Contact TC ROUTER <1.6.24
Phoenix Contact / TC ROUTER
|
<1.6.24 | ||
|
Fabasoft Cloud
Fabasoft
|
cpe:/a:fabasoft:fabasoft_cloud:-
|
— | |
|
Phoenix Contact FL SWITCH <3.57
Phoenix Contact / FL SWITCH
|
<3.57 | ||
|
Phoenix Contact TC ROUTER <3.8.9
Phoenix Contact / TC ROUTER
|
<3.8.9 | ||
|
IBM MQ <9.2.0.41
IBM / MQ
|
<9.2.0.41 | ||
|
IBM MQ <9.1.0.34
IBM / MQ
|
<9.1.0.34 | ||
|
Phoenix Contact FL MGUARD <10.6.1
Phoenix Contact / FL MGUARD
|
<10.6.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
ABB AC-500 v3 3.90
ABB / AC-500
|
cpe:/h:abb:ac-500:v3_3.90
|
v3 3.90 | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
IBM MQ <9.4.0.20
IBM / MQ
|
<9.4.0.20 | ||
|
IBM MQ <9.3.0.37
IBM / MQ
|
<9.3.0.37 | ||
|
Phoenix Contact TC ROUTER <5.0.72.102
Phoenix Contact / TC ROUTER
|
<5.0.72.102 | ||
|
Red Hat OpenShift Container Platform <4.15.62
Red Hat / OpenShift
|
Container Platform <4.15.62 | ||
|
Dell BIOS
Dell
|
cpe:/h:dell:bios:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.62
Red Hat / OpenShift
|
Container Platform <4.14.62 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Red Hat OpenShift Container Platform <4.13.65
Red Hat / OpenShift
|
Container Platform <4.13.65 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
References
112 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0234 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0234.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0234 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0234"
},
{
"category": "external",
"summary": "OpenSSL Advisory vom 2026-01-27",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1472 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1472"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6113 vom 2026-01-27",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00022.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7980-1 vom 2026-01-27",
"url": "https://ubuntu.com/security/notices/USN-7980-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7980-2 vom 2026-01-27",
"url": "https://ubuntu.com/security/notices/USN-7980-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1473 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1473"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0311-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023934.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0310-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023935.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0309-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023936.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1503 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1503"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1519 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1519"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1496 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1496"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0312-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023933.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1473 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-1473.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1472 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-1472.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50075 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-50075.html"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2026-006 vom 2026-01-29",
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-006"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0343-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023992.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1594 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1594"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0333-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023989.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0332-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023983.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0331-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023981.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:1473 vom 2026-01-31",
"url": "https://errata.build.resf.org/RLSA-2026:1473"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50080 vom 2026-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-50080.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:1472 vom 2026-01-31",
"url": "https://errata.build.resf.org/RLSA-2026:1472"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0346-1 vom 2026-01-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023997.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50081 vom 2026-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-50081.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1736 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1736"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0360-1 vom 2026-02-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024012.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1733 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1733"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0359-1 vom 2026-02-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024013.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20152-1 vom 2026-02-03",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KPPEXKBIG3QPIRWWHQNP3EAAUOY3GA5V/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20211-1 vom 2026-02-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024049.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260204-0005 vom 2026-02-04",
"url": "https://security.netapp.com/advisory/NTAP-20260204-0005"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260204-0006 vom 2026-02-04",
"url": "https://security.netapp.com/advisory/NTAP-20260204-0006"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260204-0012 vom 2026-02-04",
"url": "https://security.netapp.com/advisory/NTAP-20260204-0012"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20223-1 vom 2026-02-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024064.html"
},
{
"category": "external",
"summary": "FortiGuard Labs PSIRT Advisory FG-IR-26-076 vom 2026-02-06",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-076"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2077 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2077"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2072 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "external",
"summary": "Meinberg Security Advisory MBGSA-2026.02 vom 2026-02-10",
"url": "http://news.meinberg.de/664/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2485 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2485"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2563 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2563"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0498-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024156.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20349-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024281.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20373-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024318.html"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2026-03 vom 2026-02-17",
"url": "https://kb.igel.com/en/security-safety/current/isn-2026-03-openssl-vulnerability"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20418-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024331.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3150 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3150.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2671 vom 2026-02-18",
"url": "https://access.redhat.com/errata/RHSA-2026:2671"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2OPENSSL-SNAPSAFE-2026-009 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAPSAFE-2026-009.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3168 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3168.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3169 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3169.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2633 vom 2026-02-18",
"url": "https://access.redhat.com/errata/RHSA-2026:2633"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2659 vom 2026-02-18",
"url": "https://access.redhat.com/errata/RHSA-2026:2659"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2026-3335 vom 2026-02-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36980"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3042 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:3042"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2995 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:2995"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2994 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:2994"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4490 vom 2026-02-24",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00030.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10237-1 vom 2026-02-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4WRV4ISEUKTVWATBUIO2SUY7JFPFBQ7F/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3228 vom 2026-02-24",
"url": "https://access.redhat.com/errata/RHSA-2026:3228"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3364 vom 2026-02-25",
"url": "https://access.redhat.com/errata/RHSA-2026:3364"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50131 vom 2026-02-27",
"url": "https://linux.oracle.com/errata/ELSA-2026-50131.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2974 vom 2026-02-26",
"url": "https://access.redhat.com/errata/RHSA-2026:2974"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3437 vom 2026-02-26",
"url": "https://access.redhat.com/errata/RHSA-2026:3437"
},
{
"category": "external",
"summary": "Camunda Security Notices vom 2026-02-26",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3461 vom 2026-02-27",
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3462 vom 2026-02-27",
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262259 vom 2026-03-02",
"url": "https://www.ibm.com/support/pages/node/7262259"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262441 vom 2026-03-03",
"url": "https://www.ibm.com/support/pages/node/7262441"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3415 vom 2026-03-05",
"url": "https://access.redhat.com/errata/RHSA-2026:3415"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20542-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024594.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20607-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024609.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4163 vom 2026-03-10",
"url": "https://access.redhat.com/errata/RHSA-2026:4163"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262978 vom 2026-03-09",
"url": "https://www.ibm.com/support/pages/node/7262978"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4214 vom 2026-03-10",
"url": "https://access.redhat.com/errata/RHSA-2026:4214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3861 vom 2026-03-12",
"url": "https://access.redhat.com/errata/RHSA-2026:3861"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4472 vom 2026-03-12",
"url": "https://access.redhat.com/errata/RHSA-2026:4472"
},
{
"category": "external",
"summary": "ABB Security Advisory vom 2026-03-12",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4472 vom 2026-03-13",
"url": "https://linux.oracle.com/errata/ELSA-2026-4472.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:4472 vom 2026-03-12",
"url": "https://errata.build.resf.org/RLSA-2026:4472"
},
{
"category": "external",
"summary": "Vulnerabilities Fabasoft Cloud vom 2026-03-13",
"url": "https://help.supportservices.fabasoft.com/doc/Vulnerabilities-Fabasoft-Cloud/vulnerabilities-2026.htm"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4824 vom 2026-03-17",
"url": "https://access.redhat.com/errata/RHSA-2026:4824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4825 vom 2026-03-17",
"url": "https://access.redhat.com/errata/RHSA-2026:4825"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4943 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4943"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4419 vom 2026-03-19",
"url": "https://access.redhat.com/errata/RHSA-2026:4419"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5217 vom 2026-03-23",
"url": "https://access.redhat.com/errata/RHSA-2026:5217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5214 vom 2026-03-23",
"url": "https://access.redhat.com/errata/RHSA-2026:5214"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7267869 vom 2026-03-27",
"url": "https://www.ibm.com/support/pages/node/7267869"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268179 vom 2026-03-31",
"url": "https://www.ibm.com/support/pages/node/7268179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5873 vom 2026-04-02",
"url": "https://access.redhat.com/errata/RHSA-2026:5873"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6481 vom 2026-04-02",
"url": "https://access.redhat.com/errata/RHSA-2026:6481"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7266991 vom 2026-04-03",
"url": "https://www.ibm.com/support/pages/node/7266991"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2026-0405 vom 2026-04-15",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0405"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7239 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "external",
"summary": "VDE-CERT Security Advisory VDE-2026-023 vom 2026-04-22",
"url": "https://certvde.com/de/advisories/VDE-2026-023/"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-154 vom 2026-04-28",
"url": "https://www.dell.com/support/kbdoc/de-de/000452302/dsa-2026-154-security-update-for-dell-idrac9-and-idrac10-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21544-1 vom 2026-05-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025974.html"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2026001 vom 2026-05-13",
"url": "https://www.insyde.com/security-pledge/sa-2026001/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:15087 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:15087"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:14773"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-144 vom 2026-05-14",
"url": "https://www.dell.com/support/kbdoc/000440810"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19187 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19187"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:19187 vom 2026-05-28",
"url": "https://errata.build.resf.org/RLSA-2026:19187"
},
{
"category": "external",
"summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
"url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Linux/de/NCP_RN_Linux_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
},
{
"category": "external",
"summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
"url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Win/de/NCP_RN_Win_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
},
{
"category": "external",
"summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
"url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Virtual_Secure_Enterprise_VPN_Server/de/NCP_RN_Virtual_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-237 vom 2026-06-08",
"url": "https://www.dell.com/support/kbdoc/de-de/000474822/dsa-2026-237-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-08T22:00:00.000+00:00",
"generator": {
"date": "2026-06-09T08:42:24.363+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0234",
"initial_release_date": "2026-01-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux, Google, SUSE und Red Hat aufgenommen"
},
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Oracle Linux und SUSE aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2026-02-03T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und NetApp aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-08T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Fortinet aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Meinberg aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-15T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-17T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE und IGEL aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon und Red Hat aufgenommen"
},
{
"date": "2026-02-19T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2026-02-22T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-23T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von openSUSE und Red Hat aufgenommen"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-26T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-02T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-12T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat, Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-22T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-06T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat, IBM und IBM-APAR aufgenommen"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von VDE aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-05-10T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Insyde aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat und Dell aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "47"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v3 3.90",
"product": {
"name": "ABB AC-500 v3 3.90",
"product_id": "T051689",
"product_identification_helper": {
"cpe": "cpe:/h:abb:ac-500:v3_3.90"
}
}
}
],
"category": "product_name",
"name": "AC-500"
}
],
"category": "vendor",
"name": "ABB"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade SANnav",
"product": {
"name": "Broadcom Brocade SANnav",
"product_id": "T050389",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell BIOS",
"product": {
"name": "Dell BIOS",
"product_id": "T032778",
"product_identification_helper": {
"cpe": "cpe:/h:dell:bios:-"
}
}
},
{
"category": "product_name",
"name": "Dell PowerScale OneFS",
"product": {
"name": "Dell PowerScale OneFS",
"product_id": "T034610",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerscale_onefs:onefs"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
},
{
"branches": [
{
"category": "product_version_range",
"name": "9 \u003c7.30.10.50",
"product": {
"name": "Dell integrated Dell Remote Access Controller 9 \u003c7.30.10.50",
"product_id": "T053390"
}
},
{
"category": "product_version",
"name": "9 7.30.10.50",
"product": {
"name": "Dell integrated Dell Remote Access Controller 9 7.30.10.50",
"product_id": "T053390-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:9__7.30.10.50"
}
}
},
{
"category": "product_version_range",
"name": "9 \u003c7.00.00.184",
"product": {
"name": "Dell integrated Dell Remote Access Controller 9 \u003c7.00.00.184",
"product_id": "T053391"
}
},
{
"category": "product_version",
"name": "9 7.00.00.184",
"product": {
"name": "Dell integrated Dell Remote Access Controller 9 7.00.00.184",
"product_id": "T053391-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:9__7.00.00.184"
}
}
},
{
"category": "product_version_range",
"name": "10 \u003c1.30.10.50",
"product": {
"name": "Dell integrated Dell Remote Access Controller 10 \u003c1.30.10.50",
"product_id": "T053392"
}
},
{
"category": "product_version",
"name": "10 1.30.10.50",
"product": {
"name": "Dell integrated Dell Remote Access Controller 10 1.30.10.50",
"product_id": "T053392-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:10__1.30.10.50"
}
}
}
],
"category": "product_name",
"name": "integrated Dell Remote Access Controller"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fabasoft Cloud",
"product": {
"name": "Fabasoft Cloud",
"product_id": "T028413",
"product_identification_helper": {
"cpe": "cpe:/a:fabasoft:fabasoft_cloud:-"
}
}
}
],
"category": "vendor",
"name": "Fabasoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.9",
"product": {
"name": "Fortinet FortiPortal \u003c7.4.9",
"product_id": "T050600"
}
},
{
"category": "product_version",
"name": "7.4.9",
"product": {
"name": "Fortinet FortiPortal 7.4.9",
"product_id": "T050600-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortiportal:7.4.9"
}
}
}
],
"category": "product_name",
"name": "FortiPortal"
}
],
"category": "vendor",
"name": "Fortinet"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Cloud Platform",
"product": {
"name": "Google Cloud Platform",
"product_id": "393401",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.3",
"product": {
"name": "IBM AIX \u003c7.3",
"product_id": "1139691"
}
},
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2",
"product": {
"name": "IBM AIX \u003c7.2",
"product_id": "434967"
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM DataPower Gateway",
"product": {
"name": "IBM DataPower Gateway",
"product_id": "393635",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.7.0.0-11.7.1.6",
"product": {
"name": "IBM InfoSphere Information Server 11.7.0.0-11.7.1.6",
"product_id": "T052142",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7.0.0_-_11.7.1.6"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.1.0.34",
"product": {
"name": "IBM MQ \u003c9.1.0.34",
"product_id": "T051284"
}
},
{
"category": "product_version",
"name": "9.1.0.34",
"product": {
"name": "IBM MQ 9.1.0.34",
"product_id": "T051284-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.1.0.34"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.0.41",
"product": {
"name": "IBM MQ \u003c9.2.0.41",
"product_id": "T051285"
}
},
{
"category": "product_version",
"name": "9.2.0.41",
"product": {
"name": "IBM MQ 9.2.0.41",
"product_id": "T051285-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.2.0.41"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.0.37",
"product": {
"name": "IBM MQ \u003c9.3.0.37",
"product_id": "T051286"
}
},
{
"category": "product_version",
"name": "9.3.0.37",
"product": {
"name": "IBM MQ 9.3.0.37",
"product_id": "T051286-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.3.0.37"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.0.20",
"product": {
"name": "IBM MQ \u003c9.4.0.20",
"product_id": "T051287"
}
},
{
"category": "product_version",
"name": "9.4.0.20",
"product": {
"name": "IBM MQ 9.4.0.20",
"product_id": "T051287-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.4.0.20"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.1",
"product": {
"name": "IBM VIOS \u003c3.1",
"product_id": "1039165"
}
},
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1",
"product": {
"name": "IBM VIOS \u003c4.1",
"product_id": "1522854"
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c05.3A.07",
"product": {
"name": "Insyde UEFI Firmware \u003c05.3A.07",
"product_id": "T053951"
}
},
{
"category": "product_version",
"name": "05.3A.07",
"product": {
"name": "Insyde UEFI Firmware 05.3A.07",
"product_id": "T053951-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:05.3a.07"
}
}
},
{
"category": "product_version_range",
"name": "\u003c05.48.07",
"product": {
"name": "Insyde UEFI Firmware \u003c05.48.07",
"product_id": "T053952"
}
},
{
"category": "product_version",
"name": "05.48.07",
"product": {
"name": "Insyde UEFI Firmware 05.48.07",
"product_id": "T053952-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:05.48.07"
}
}
},
{
"category": "product_version_range",
"name": "\u003c05.56.07",
"product": {
"name": "Insyde UEFI Firmware \u003c05.56.07",
"product_id": "T053953"
}
},
{
"category": "product_version",
"name": "05.56.07",
"product": {
"name": "Insyde UEFI Firmware 05.56.07",
"product_id": "T053953-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:05.56.07"
}
}
},
{
"category": "product_version_range",
"name": "\u003c05.63.07",
"product": {
"name": "Insyde UEFI Firmware \u003c05.63.07",
"product_id": "T053955"
}
},
{
"category": "product_version",
"name": "05.63.07",
"product": {
"name": "Insyde UEFI Firmware 05.63.07",
"product_id": "T053955-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:05.63.07"
}
}
},
{
"category": "product_version_range",
"name": "\u003c05.72.07",
"product": {
"name": "Insyde UEFI Firmware \u003c05.72.07",
"product_id": "T053956"
}
},
{
"category": "product_version",
"name": "05.72.07",
"product": {
"name": "Insyde UEFI Firmware 05.72.07",
"product_id": "T053956-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:05.72.07"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.10.008",
"product": {
"name": "Meinberg LANTIME \u003c7.10.008",
"product_id": "T050722"
}
},
{
"category": "product_version",
"name": "7.10.008",
"product": {
"name": "Meinberg LANTIME 7.10.008",
"product_id": "T050722-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.10.008"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c14.10 r32489",
"product": {
"name": "NCP Secure Enterprise VPN Server \u003c14.10 r32489",
"product_id": "T054958"
}
},
{
"category": "product_version",
"name": "14.10 r32489",
"product": {
"name": "NCP Secure Enterprise VPN Server 14.10 r32489",
"product_id": "T054958-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ncp-e:secure_enterprise_vpn_server:14.10_r32489"
}
}
}
],
"category": "product_name",
"name": "Secure Enterprise VPN Server"
}
],
"category": "vendor",
"name": "NCP"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Open Source Camunda 7",
"product_id": "T051292",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.6.1",
"product": {
"name": "Open Source OpenSSL \u003c3.6.1",
"product_id": "T050360"
}
},
{
"category": "product_version",
"name": "3.6.1",
"product": {
"name": "Open Source OpenSSL 3.6.1",
"product_id": "T050360-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.6.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.5.5",
"product": {
"name": "Open Source OpenSSL \u003c3.5.5",
"product_id": "T050361"
}
},
{
"category": "product_version",
"name": "3.5.5",
"product": {
"name": "Open Source OpenSSL 3.5.5",
"product_id": "T050361-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.5.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.4",
"product": {
"name": "Open Source OpenSSL \u003c3.4.4",
"product_id": "T050362"
}
},
{
"category": "product_version",
"name": "3.4.4",
"product": {
"name": "Open Source OpenSSL 3.4.4",
"product_id": "T050362-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.4.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.3.6",
"product": {
"name": "Open Source OpenSSL \u003c3.3.6",
"product_id": "T050363"
}
},
{
"category": "product_version",
"name": "3.3.6",
"product": {
"name": "Open Source OpenSSL 3.3.6",
"product_id": "T050363-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.3.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.19",
"product": {
"name": "Open Source OpenSSL \u003c3.0.19",
"product_id": "T050364"
}
},
{
"category": "product_version",
"name": "3.0.19",
"product": {
"name": "Open Source OpenSSL 3.0.19",
"product_id": "T050364-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.19"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.1ze",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1ze",
"product_id": "T050365"
}
},
{
"category": "product_version",
"name": "1.1.1ze",
"product": {
"name": "Open Source OpenSSL 1.1.1ze",
"product_id": "T050365-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1ze"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.0.2zn",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2zn",
"product_id": "T050366"
}
},
{
"category": "product_version",
"name": "1.0.2zn",
"product": {
"name": "Open Source OpenSSL 1.0.2zn",
"product_id": "T050366-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.0.2zn"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.1",
"product": {
"name": "Phoenix Contact FL MGUARD \u003c10.6.1",
"product_id": "T053186"
}
},
{
"category": "product_version",
"name": "10.6.1",
"product": {
"name": "Phoenix Contact FL MGUARD 10.6.1",
"product_id": "T053186-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:phoenixcontact:fl_mguard:10.6.1"
}
}
}
],
"category": "product_name",
"name": "FL MGUARD"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.57",
"product": {
"name": "Phoenix Contact FL SWITCH \u003c3.57",
"product_id": "T053187"
}
},
{
"category": "product_version",
"name": "3.57",
"product": {
"name": "Phoenix Contact FL SWITCH 3.57",
"product_id": "T053187-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:phoenixcontact:fl_switch:3.57"
}
}
}
],
"category": "product_name",
"name": "FL SWITCH"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.9",
"product": {
"name": "Phoenix Contact TC ROUTER \u003c3.8.9",
"product_id": "T053188"
}
},
{
"category": "product_version",
"name": "3.8.9",
"product": {
"name": "Phoenix Contact TC ROUTER 3.8.9",
"product_id": "T053188-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:phoenixcontact:tc_router:3.8.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.72.102",
"product": {
"name": "Phoenix Contact TC ROUTER \u003c5.0.72.102",
"product_id": "T053189"
}
},
{
"category": "product_version",
"name": "5.0.72.102",
"product": {
"name": "Phoenix Contact TC ROUTER 5.0.72.102",
"product_id": "T053189-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:phoenixcontact:tc_router:5.0.72.102"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.6.24",
"product": {
"name": "Phoenix Contact TC ROUTER \u003c1.6.24",
"product_id": "T053190"
}
},
{
"category": "product_version",
"name": "1.6.24",
"product": {
"name": "Phoenix Contact TC ROUTER 1.6.24",
"product_id": "T053190-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:phoenixcontact:tc_router:1.6.24"
}
}
}
],
"category": "product_name",
"name": "TC ROUTER"
}
],
"category": "vendor",
"name": "Phoenix Contact"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.57",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.57",
"product_id": "T050973"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.57",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.57",
"product_id": "T050973-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.57"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.62",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.62",
"product_id": "T051279"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.62",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.62",
"product_id": "T051279-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.62"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.62",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.62",
"product_id": "T051881"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.62",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.62",
"product_id": "T051881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.62"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.59",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.59",
"product_id": "T052389"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.59",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.59",
"product_id": "T052389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.59"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.65",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.65",
"product_id": "T052914"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.65",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.65",
"product_id": "T052914-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.65"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.64",
"product_id": "T054017"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.64",
"product_id": "T054017-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.64"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.2",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.2.2",
"product_id": "T052870"
}
},
{
"category": "product_version",
"name": "10.2.2",
"product": {
"name": "Splunk Splunk Enterprise 10.2.2",
"product_id": "T052870-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.5",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.0.5",
"product_id": "T052871"
}
},
{
"category": "product_version",
"name": "10.0.5",
"product": {
"name": "Splunk Splunk Enterprise 10.0.5",
"product_id": "T052871-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.0.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.10",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.10",
"product_id": "T052872"
}
},
{
"category": "product_version",
"name": "9.4.10",
"product": {
"name": "Splunk Splunk Enterprise 9.4.10",
"product_id": "T052872-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.11",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.11",
"product_id": "T052873"
}
},
{
"category": "product_version",
"name": "9.3.11",
"product": {
"name": "Splunk Splunk Enterprise 9.3.11",
"product_id": "T052873-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.11"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11187",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-11187"
},
{
"cve": "CVE-2025-15467",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-15468",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-15468"
},
{
"cve": "CVE-2025-15469",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-15469"
},
{
"cve": "CVE-2025-66199",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-66199"
},
{
"cve": "CVE-2025-68160",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-69418",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2026-22795",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"product_status": {
"known_affected": [
"T050973",
"T004914",
"T052872",
"T054017",
"T052873",
"T052870",
"T052871",
"1139691",
"T050722",
"T021415",
"T053956",
"398363",
"T052142",
"T050361",
"T034610",
"T050360",
"T053392",
"T051292",
"434967",
"T053390",
"7654",
"T053391",
"1039165",
"393635",
"1522854",
"T050366",
"T053955",
"T050600",
"T053952",
"T053953",
"T050363",
"T050362",
"T052389",
"T053951",
"T050365",
"T050364",
"2951",
"T002207",
"T054958",
"T027843",
"T053190",
"T028413",
"T053187",
"T053188",
"T051285",
"T051284",
"T053186",
"67646",
"T051689",
"393401",
"T051287",
"T051286",
"T053189",
"T051881",
"T032778",
"T050389",
"T051279",
"T032255",
"T052048",
"T032495",
"T017865",
"T052914",
"T000126"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-22796"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…