Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-27152 (GCVE-0-2025-27152)
Vulnerability from cvelistv5 – Published: 2025-03-07 15:13 – Updated: 2025-03-07 19:32
VLAI
EPSS
Title
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/axios/axios/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/axios/axios/issues/6463 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27152",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:32:00.779211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:32:17.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T15:13:15.155Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"name": "https://github.com/axios/axios/issues/6463",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/issues/6463"
}
],
"source": {
"advisory": "GHSA-jr5f-v2jv-69x6",
"discovery": "UNKNOWN"
},
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27152",
"datePublished": "2025-03-07T15:13:15.155Z",
"dateReserved": "2025-02-19T16:30:47.779Z",
"dateUpdated": "2025-03-07T19:32:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-27152",
"date": "2026-06-08",
"epss": "0.00212",
"percentile": "0.43778"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27152\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-07T16:15:38.773\",\"lastModified\":\"2025-11-25T17:58:17.213\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"},{\"lang\":\"es\",\"value\":\"axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.30.0\",\"matchCriteriaId\":\"22E658DD-EA2E-454A-BEB1-3B9BC30D017E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.7.9\",\"matchCriteriaId\":\"2EFCE157-4712-4CC5-8DB4-9ACCC8C1016E\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/issues/6463\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27152\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T19:32:00.779211Z\"}}}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T19:32:13.477Z\"}}], \"cna\": {\"title\": \"Possible SSRF and Credential Leakage via Absolute URL in axios Requests\", \"source\": {\"advisory\": \"GHSA-jr5f-v2jv-69x6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.2\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/issues/6463\", \"name\": \"https://github.com/axios/axios/issues/6463\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \\u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-07T15:13:15.155Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27152\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-07T19:32:17.511Z\", \"dateReserved\": \"2025-02-19T16:30:47.779Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-07T15:13:15.155Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
NCSC-2026-0034
Vulnerability from csaf_ncscnl - Published: 2026-01-22 09:03 - Updated: 2026-01-22 09:03Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Atlassian heeft kwetsbaarheden verholpen in verschillende producten, welke gebruik maken van Oracle middle-ware producten zoals de Oracle Utilities Application Framework, WebLogic Server, Data Integrator en Business Intelligence Enterprise Edition.
Interpretaties: Deze kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een denial of service (DoS) of om zich toegang te verschaffen tot gevoelige gegevens.
Een reeks kwetsbaarheden is afkomstig van diverse Oracle-middleware software, welke in Atlassian-producten is verwerkt. Deze kwetsbaarheden zijn verholpen in de Critical Patch Update van januari 2026 van Oracle en verwerkt in de getroffen Atlassian producten.
Oplossingen: Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-23: Relative Path Traversal
CWE-121: Stack-based Buffer Overflow
CWE-285: Improper Authorization
CWE-287: Improper Authentication
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-459: Incomplete Cleanup
CWE-611: Improper Restriction of XML External Entity Reference
CWE-697: Incorrect Comparison
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1333: Inefficient Regular Expression Complexity
Recent updates address critical security vulnerabilities across various software, including Ansible, Node.js, and Golang packages, with significant fixes for ReDoS and sensitive data exposure issues.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple versions of the semver package are vulnerable to Regular Expression Denial of Service (ReDoS) through the new Range function, prompting updates in various products to mitigate this risk.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple Oracle products, including Utilities Application Framework, WebLogic Server, Data Integrator, and Business Intelligence Enterprise Edition, have vulnerabilities allowing unauthenticated denial of service attacks, all with a CVSS score of 7.5.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Recent updates across various AWS packages, Node.js versions, and Python libraries address security vulnerabilities, enhance functionality, and improve performance, while several vulnerability reports highlight critical issues in Oracle Communications, HPE Unified OSS Console, and the cross-spawn package.
CWE-1333 - Inefficient Regular Expression ComplexityAffected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Tomcat versions 11.0.0-M1 to 11.0.0-M20, 10.1.0-M1 to 10.1.24, and 9.0.13 to 9.0.89 are vulnerable to OutOfMemoryError and Denial of Service due to improper TLS handshake handling.
8.6 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple vulnerabilities in the path-to-regexp library and related components can lead to Denial of Service (DoS) attacks, particularly affecting Node.js applications and IBM App Connect Enterprise due to backtracking regex issues.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple vulnerabilities across Oracle products and DOMPurify allow for data compromise, denial of service, and XSS attacks, with CVSS scores ranging from 6.3 to 7.3.
7.3 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.
8.7 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
The `qs` module's `arrayLimit` option is vulnerable to denial-of-service attacks due to its failure to enforce limits for bracket notation, allowing attackers to exploit memory exhaustion.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Recent vulnerabilities in axios, pgadmin4, and HPE software expose systems to SSRF and credential leakage, particularly through the use of absolute URLs, necessitating updates to mitigate these risks.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability and other issues, with specific versions being susceptible to Denial of Service attacks from malformed client requests.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple vulnerabilities in the Oracle Enterprise Data Quality product and PostgreSQL JDBC Driver allow unauthorized access and insecure authentication, with CVSS scores indicating significant risk.
8.2 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Tomcat versions 9.0.0.M1 to 9.0.106 have multiple vulnerabilities, including a race condition affecting HTTP/2 connections and denial of service flaws, alongside issues in Oracle Graph Server and HPE Unified OSS Console.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Multiple vulnerabilities affect Oracle Communications Unified Assurance and Oracle Business Intelligence Enterprise Edition, allowing denial of service attacks, while older jackson-core versions are prone to StackoverflowErrors when parsing nested data.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Jackrabbit versions prior to 2.23.2 are vulnerable to blind XXE attacks due to an unsecured document build for loading privileges.
8.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft's OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.
9.8 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Tomcat versions 1.0.0-M1 to 11.0.10 are vulnerable to a directory traversal issue that may allow remote code execution if HTTP PUT requests are enabled, alongside other security vulnerabilities in HPE UOCAM.
8.1 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Struts versions 2.0.0 to 6.7.0 and 7.0.0 to 7.0.3 have a Denial of Service vulnerability due to file leak in multipart request processing, affecting NetApp products.
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
Apache Tika has multiple critical XML External Entity (XXE) injection vulnerabilities, particularly affecting PDF parsing, allowing remote attackers to exploit crafted documents for sensitive data disclosure and remote code execution.
10.0 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
The document outlines a vulnerability in the `create-hash` package due to inadequate input type checks, leading to potential hash state manipulation and security risks, particularly in the `cipher-base` npm package versions up to 1.0.4.
9.1 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
The document outlines a vulnerability in `sha.js` versions up to 2.4.11 due to insufficient input type checks, leading to potential denial of service and private key extraction risks.
9.1 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
A high severity XXE vulnerability in Crowd Data Center and Server version 7.1.0 has a CVSS score of 7.9, allowing authenticated attackers to access sensitive content without user interaction.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Atlassian / Bamboo
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Bitbucket
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Confluence
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crowd Server
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Crucible
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Fisheye
|
vers:unknown/* | ||
|
vers:unknown/*
Atlassian / Jira
|
vers:unknown/* |
References
26 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Atlassian heeft kwetsbaarheden verholpen in verschillende producten, welke gebruik maken van Oracle middle-ware producten zoals de Oracle Utilities Application Framework, WebLogic Server, Data Integrator en Business Intelligence Enterprise Edition.",
"title": "Feiten"
},
{
"category": "description",
"text": "Deze kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een denial of service (DoS) of om zich toegang te verschaffen tot gevoelige gegevens.\nEen reeks kwetsbaarheden is afkomstig van diverse Oracle-middleware software, welke in Atlassian-producten is verwerkt. Deze kwetsbaarheden zijn verholpen in de Critical Patch Update van januari 2026 van Oracle en verwerkt in de getroffen Atlassian producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html"
}
],
"title": "Kwetsbaarheden verholpen in Atlassian producten",
"tracking": {
"current_release_date": "2026-01-22T09:03:42.667958Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0034",
"initial_release_date": "2026-01-22T09:03:42.667958Z",
"revision_history": [
{
"date": "2026-01-22T09:03:42.667958Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Crowd Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Crucible"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Fisheye"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "description",
"text": "Recent updates address critical security vulnerabilities across various software, including Ansible, Node.js, and Golang packages, with significant fixes for ReDoS and sensitive data exposure issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-3807 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-3807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2022-25883",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "description",
"text": "Multiple versions of the semver package are vulnerable to Regular Expression Denial of Service (ReDoS) through the new Range function, prompting updates in various products to mitigate this risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-25883 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-25883.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2022-25883"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple Oracle products, including Utilities Application Framework, WebLogic Server, Data Integrator, and Business Intelligence Enterprise Edition, have vulnerabilities allowing unauthenticated denial of service attacks, all with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-45693 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-45693.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "description",
"text": "Recent updates across various AWS packages, Node.js versions, and Python libraries address security vulnerabilities, enhance functionality, and improve performance, while several vulnerability reports highlight critical issues in Oracle Communications, HPE Unified OSS Console, and the cross-spawn package.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21538 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-21538.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-38286",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Apache Tomcat versions 11.0.0-M1 to 11.0.0-M20, 10.1.0-M1 to 10.1.24, and 9.0.13 to 9.0.89 are vulnerable to OutOfMemoryError and Denial of Service due to improper TLS handshake handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38286 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-38286.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the path-to-regexp library and related components can lead to Denial of Service (DoS) attacks, particularly affecting Node.js applications and IBM App Connect Enterprise due to backtracking regex issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45296 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-45296.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products and DOMPurify allow for data compromise, denial of service, and XSS attacks, with CVSS scores ranging from 6.3 to 7.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45801 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-45801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The `qs` module\u0027s `arrayLimit` option is vulnerable to denial-of-service attacks due to its failure to enforce limits for bracket notation, allowing attackers to exploit memory exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-15284 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-15284.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-15284"
},
{
"cve": "CVE-2025-27152",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Recent vulnerabilities in axios, pgadmin4, and HPE software expose systems to SSRF and credential leakage, particularly through the use of absolute URLs, necessitating updates to mitigate these risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27152 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27152.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability and other issues, with specific versions being susceptible to Denial of Service attacks from malformed client requests.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49146",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the Oracle Enterprise Data Quality product and PostgreSQL JDBC Driver allow unauthorized access and insecure authentication, with CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49146 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49146.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-49146"
},
{
"cve": "CVE-2025-52434",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "Apache Tomcat versions 9.0.0.M1 to 9.0.106 have multiple vulnerabilities, including a race condition affecting HTTP/2 connections and denial of service flaws, alongside issues in Oracle Graph Server and HPE Unified OSS Console.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52434 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52434.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Oracle Communications Unified Assurance and Oracle Business Intelligence Enterprise Edition, allowing denial of service attacks, while older jackson-core versions are prone to StackoverflowErrors when parsing nested data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53689",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "description",
"text": "Apache Jackrabbit versions prior to 2.23.2 are vulnerable to blind XXE attacks due to an unsecured document build for loading privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53689 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53689.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-53689"
},
{
"cve": "CVE-2025-54988",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat versions 1.0.0-M1 to 11.0.10 are vulnerable to a directory traversal issue that may allow remote code execution if HTTP PUT requests are enabled, alongside other security vulnerabilities in HPE UOCAM.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55752 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-64775",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Struts versions 2.0.0 to 6.7.0 and 7.0.0 to 7.0.3 have a Denial of Service vulnerability due to file leak in multipart request processing, affecting NetApp products.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64775 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has multiple critical XML External Entity (XXE) injection vulnerabilities, particularly affecting PDF parsing, allowing remote attackers to exploit crafted documents for sensitive data disclosure and remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-9287",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "The document outlines a vulnerability in the `create-hash` package due to inadequate input type checks, leading to potential hash state manipulation and security risks, particularly in the `cipher-base` npm package versions up to 1.0.4.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9287.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-9287"
},
{
"cve": "CVE-2025-9288",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "The document outlines a vulnerability in `sha.js` versions up to 2.4.11 due to insufficient input type checks, leading to potential denial of service and private key extraction risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9288.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-9288"
},
{
"cve": "CVE-2026-21569",
"notes": [
{
"category": "description",
"text": "A high severity XXE vulnerability in Crowd Data Center and Server version 7.1.0 has a CVSS score of 7.9, allowing authenticated attackers to access sensitive content without user interaction.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21569 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21569.json"
}
],
"title": "CVE-2026-21569"
}
]
}
OPENSUSE-SU-2025:15307-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Description of the patch: These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15307
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15307",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15307-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15307-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
SUSE-SU-2025:01326-1
Vulnerability from csaf_suse - Published: 2025-08-14 13:03 - Updated: 2025-08-14 13:03Summary
Security update for pgadmin4
Severity
Important
Notes
Title of the patch: Security update for pgadmin4
Description of the patch: This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames: SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041215.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-08-14T13:03:13Z",
"generator": {
"date": "2025-08-14T13:03:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01326-1",
"initial_release_date": "2025-08-14T13:03:13Z",
"revision_history": [
{
"date": "2025-08-14T13:03:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
SUSE-SU-2025:1227-1
Vulnerability from csaf_suse - Published: 2025-04-14 07:06 - Updated: 2025-04-14 07:06Summary
Security update for pgadmin4
Severity
Important
Notes
Title of the patch: Security update for pgadmin4
Description of the patch: This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
Patchnames: SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1227-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1227-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251227-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1227-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/038971.html"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-14T07:06:34Z",
"generator": {
"date": "2025-04-14T07:06:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1227-1",
"initial_release_date": "2025-04-14T07:06:34Z",
"revision_history": [
{
"date": "2025-04-14T07:06:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-cloud-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-desktop-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-doc-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product_id": "system-user-pgadmin-8.5-150600.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-14T07:06:34Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
SUSE-SU-2025:1326-1
Vulnerability from csaf_suse - Published: 2025-04-16 08:37 - Updated: 2025-04-16 08:37Summary
Security update for pgadmin4
Severity
Important
Notes
Title of the patch: Security update for pgadmin4
Description of the patch: This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames: SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.1 (High)
Affected products
Recommended
65 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
65 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
65 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/039030.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-16T08:37:10Z",
"generator": {
"date": "2025-04-16T08:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1326-1",
"initial_release_date": "2025-04-16T08:37:10Z",
"revision_history": [
{
"date": "2025-04-16T08:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
WID-SEC-W-2025-0580
Vulnerability from csaf_certbund - Published: 2025-03-17 23:00 - Updated: 2025-05-04 22:00Summary
IBM License Metric Tool: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.
Angriff: Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder SSRF-Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM License Metric Tool <9.2.39
IBM / License Metric Tool
|
<9.2.39 |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder SSRF-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0580 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0580 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186586"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2025-25184",
"url": "https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2024-52798",
"url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w"
},
{
"category": "external",
"summary": "HCL Article KB0120960 vom 2025-05-02",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120960"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T08:08:53.411+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0580",
"initial_release_date": "2025-03-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Compliance",
"product": {
"name": "HCL BigFix Compliance",
"product_id": "T038823",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:compliance"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.39",
"product": {
"name": "IBM License Metric Tool \u003c9.2.39",
"product_id": "T041960"
}
},
{
"category": "product_version",
"name": "9.2.39",
"product": {
"name": "IBM License Metric Tool 9.2.39",
"product_id": "T041960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.39"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10917",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-10917"
},
{
"cve": "CVE-2024-12797",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-12797"
},
{
"cve": "CVE-2024-21208",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21217",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27111",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27111"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-25184",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-25184"
}
]
}
WID-SEC-W-2025-0705
Vulnerability from csaf_certbund - Published: 2025-04-03 22:00 - Updated: 2025-04-15 22:00Summary
HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff: Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erhöhte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszulösen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Reports
HCL / BigFix
|
cpe:/a:hcltech:bigfix:reports
|
Reports | |
|
HCL BigFix WebUI Applications
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui_applications
|
WebUI Applications |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Reports
HCL / BigFix
|
cpe:/a:hcltech:bigfix:reports
|
Reports | |
|
HCL BigFix WebUI Applications
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui_applications
|
WebUI Applications |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Reports
HCL / BigFix
|
cpe:/a:hcltech:bigfix:reports
|
Reports | |
|
HCL BigFix WebUI Applications
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui_applications
|
WebUI Applications |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Reports
HCL / BigFix
|
cpe:/a:hcltech:bigfix:reports
|
Reports | |
|
HCL BigFix WebUI Applications
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui_applications
|
WebUI Applications |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Reports
HCL / BigFix
|
cpe:/a:hcltech:bigfix:reports
|
Reports | |
|
HCL BigFix WebUI Applications
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui_applications
|
WebUI Applications |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Reports
HCL / BigFix
|
cpe:/a:hcltech:bigfix:reports
|
Reports | |
|
HCL BigFix WebUI Applications
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui_applications
|
WebUI Applications |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erh\u00f6hte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0705 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0705.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0705 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0705"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-03",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120318"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27152 2025-04-03",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-25977 2025-04-03",
"url": "https://github.com/canvg/canvg/issues/1749"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27789 2025-04-03",
"url": "https://github.com/babel/babel/pull/17173"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120590"
}
],
"source_lang": "en-US",
"title": "HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:43.315+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0705",
"initial_release_date": "2025-04-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI Applications",
"product": {
"name": "HCL BigFix WebUI Applications",
"product_id": "T042383",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui_applications"
}
}
},
{
"category": "product_version",
"name": "Reports",
"product": {
"name": "HCL BigFix Reports",
"product_id": "T042923",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:reports"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2024-47764"
},
{
"cve": "CVE-2025-25977",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-25977"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
WID-SEC-W-2025-0841
Vulnerability from csaf_certbund - Published: 2025-04-16 22:00 - Updated: 2025-05-08 22:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszuspähen oder seine Privilegien zu eskalieren
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <13.0.3.0
IBM / App Connect Enterprise
|
<13.0.3.0 | ||
|
IBM App Connect Enterprise <12.0.12.13
IBM / App Connect Enterprise
|
<12.0.12.13 | ||
|
IBM App Connect Enterprise <12.11.0
IBM / App Connect Enterprise
|
<12.11.0 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <13.0.3.0
IBM / App Connect Enterprise
|
<13.0.3.0 | ||
|
IBM App Connect Enterprise <12.0.12.13
IBM / App Connect Enterprise
|
<12.0.12.13 | ||
|
IBM App Connect Enterprise <12.11.0
IBM / App Connect Enterprise
|
<12.11.0 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <13.0.3.0
IBM / App Connect Enterprise
|
<13.0.3.0 | ||
|
IBM App Connect Enterprise <12.0.12.13
IBM / App Connect Enterprise
|
<12.0.12.13 | ||
|
IBM App Connect Enterprise <12.11.0
IBM / App Connect Enterprise
|
<12.11.0 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <13.0.3.0
IBM / App Connect Enterprise
|
<13.0.3.0 | ||
|
IBM App Connect Enterprise <12.0.12.13
IBM / App Connect Enterprise
|
<12.0.12.13 | ||
|
IBM App Connect Enterprise <12.11.0
IBM / App Connect Enterprise
|
<12.11.0 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszusp\u00e4hen oder seine Privilegien zu eskalieren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0841 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0841.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0841 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0841"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-16",
"url": "https://www.ibm.com/support/pages/node/7231056"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232928 vom 2025-05-08",
"url": "https://www.ibm.com/support/pages/node/7232928"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-08T22:00:00.000+00:00",
"generator": {
"date": "2025-05-09T07:44:26.369+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0841",
"initial_release_date": "2025-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.3.0",
"product_id": "T042961"
}
},
{
"category": "product_version",
"name": "13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.3.0",
"product_id": "T042961-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.3.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.13",
"product_id": "T042962"
}
},
{
"category": "product_version",
"name": "12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.13",
"product_id": "T042962-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise \u003c12.11.0",
"product_id": "T043525"
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "IBM App Connect Enterprise 12.11.0",
"product_id": "T043525-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.11.0"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
WID-SEC-W-2025-0930
Vulnerability from csaf_certbund - Published: 2025-05-04 22:00 - Updated: 2025-05-04 22:00Summary
IBM Business Automation Workflow: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen, oder Informationen auszuspähen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <DT426591
IBM / Business Automation Workflow
|
<DT426591 | ||
|
IBM Business Automation Workflow <DT424716
IBM / Business Automation Workflow
|
<DT424716 | ||
|
IBM Business Automation Workflow <24.0.1-IF002
IBM / Business Automation Workflow
|
<24.0.1-IF002 | ||
|
IBM Business Automation Workflow <24.0.0-IF005
IBM / Business Automation Workflow
|
<24.0.0-IF005 | ||
|
IBM Business Automation Workflow <DT433330
IBM / Business Automation Workflow
|
<DT433330 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <DT426591
IBM / Business Automation Workflow
|
<DT426591 | ||
|
IBM Business Automation Workflow <DT424716
IBM / Business Automation Workflow
|
<DT424716 | ||
|
IBM Business Automation Workflow <24.0.1-IF002
IBM / Business Automation Workflow
|
<24.0.1-IF002 | ||
|
IBM Business Automation Workflow <DT423873
IBM / Business Automation Workflow
|
<DT423873 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.1-IF001
IBM / Business Automation Workflow
|
<24.0.1-IF001 | ||
|
IBM Business Automation Workflow <DT426591
IBM / Business Automation Workflow
|
<DT426591 | ||
|
IBM Business Automation Workflow <DT424716
IBM / Business Automation Workflow
|
<DT424716 | ||
|
IBM Business Automation Workflow <24.0.1-IF002
IBM / Business Automation Workflow
|
<24.0.1-IF002 | ||
|
IBM Business Automation Workflow <24.0.0-IF005
IBM / Business Automation Workflow
|
<24.0.0-IF005 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <DT426591
IBM / Business Automation Workflow
|
<DT426591 | ||
|
IBM Business Automation Workflow <DT424716
IBM / Business Automation Workflow
|
<DT424716 | ||
|
IBM Business Automation Workflow <24.0.1-IF002
IBM / Business Automation Workflow
|
<24.0.1-IF002 | ||
|
IBM Business Automation Workflow <24.0.0-IF005
IBM / Business Automation Workflow
|
<24.0.0-IF005 | ||
|
IBM Business Automation Workflow <DT433330
IBM / Business Automation Workflow
|
<DT433330 | ||
|
IBM Business Automation Workflow <DT423873
IBM / Business Automation Workflow
|
<DT423873 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <DT426591
IBM / Business Automation Workflow
|
<DT426591 | ||
|
IBM Business Automation Workflow <DT424716
IBM / Business Automation Workflow
|
<DT424716 | ||
|
IBM Business Automation Workflow <24.0.1-IF002
IBM / Business Automation Workflow
|
<24.0.1-IF002 | ||
|
IBM Business Automation Workflow <24.0.0-IF005
IBM / Business Automation Workflow
|
<24.0.0-IF005 | ||
|
IBM Business Automation Workflow <DT433330
IBM / Business Automation Workflow
|
<DT433330 | ||
|
IBM Business Automation Workflow <DT423873
IBM / Business Automation Workflow
|
<DT423873 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder Informationen auszusp\u00e4hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0930 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0930.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0930 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0930"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232428"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232433"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T09:33:43.997+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0930",
"initial_release_date": "2025-05-04T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF002",
"product_id": "T043295"
}
},
{
"category": "product_version",
"name": "24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF002",
"product_id": "T043295-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if002"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.0-IF005",
"product_id": "T043296"
}
},
{
"category": "product_version",
"name": "24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow 24.0.0-IF005",
"product_id": "T043296-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0-if005"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT433330",
"product": {
"name": "IBM Business Automation Workflow \u003cDT433330",
"product_id": "T043297"
}
},
{
"category": "product_version",
"name": "DT433330",
"product": {
"name": "IBM Business Automation Workflow DT433330",
"product_id": "T043297-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt433330"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT423873",
"product": {
"name": "IBM Business Automation Workflow \u003cDT423873",
"product_id": "T043298"
}
},
{
"category": "product_version",
"name": "DT423873",
"product": {
"name": "IBM Business Automation Workflow DT423873",
"product_id": "T043298-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt423873"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF001",
"product_id": "T043304"
}
},
{
"category": "product_version",
"name": "24.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF001",
"product_id": "T043304-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if001"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT426591",
"product": {
"name": "IBM Business Automation Workflow \u003cDT426591",
"product_id": "T043306"
}
},
{
"category": "product_version",
"name": "DT426591",
"product": {
"name": "IBM Business Automation Workflow DT426591",
"product_id": "T043306-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt426591"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT424716",
"product": {
"name": "IBM Business Automation Workflow \u003cDT424716",
"product_id": "T043307"
}
},
{
"category": "product_version",
"name": "DT424716",
"product": {
"name": "IBM Business Automation Workflow DT424716",
"product_id": "T043307-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt424716"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-55565",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2025-1495",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-1495"
},
{
"cve": "CVE-2025-1838",
"product_status": {
"known_affected": [
"T043304",
"T043306",
"T043307",
"T043295",
"T043296"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-1838"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-27789"
}
]
}
WID-SEC-W-2025-0998
Vulnerability from csaf_certbund - Published: 2025-05-11 22:00 - Updated: 2025-06-01 22:00Summary
IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.11.0
IBM / App Connect Enterprise
|
Certified Container Operator <12.11.0 | ||
|
IBM App Connect Enterprise Certified Container Operator LTS <12.0.11
IBM / App Connect Enterprise
|
Certified Container Operator LTS <12.0.11 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0998 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0998.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0998 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0998"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233039"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233046"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233054"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235228 vom 2025-05-30",
"url": "https://www.ibm.com/support/pages/node/7235228"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-01T22:00:00.000+00:00",
"generator": {
"date": "2025-06-02T06:51:49.175+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0998",
"initial_release_date": "2025-05-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.11.0",
"product_id": "T043543"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.11.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.11.0",
"product_id": "T043543-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.11.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator LTS \u003c12.0.11",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator LTS \u003c12.0.11",
"product_id": "T043544"
}
},
{
"category": "product_version",
"name": "Certified Container Operator LTS 12.0.11",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator LTS 12.0.11",
"product_id": "T043544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator_lts__12.0.11"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6827",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2024-6827"
},
{
"cve": "CVE-2025-1194",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-1194"
},
{
"cve": "CVE-2025-32996",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-32996"
},
{
"cve": "CVE-2025-32997",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-32997"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-1993",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-1993"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…