CVE-2026-30922 (GCVE-0-2026-30922)
Vulnerability from cvelistv5 – Published: 2026-03-18 02:29 – Updated: 2026-05-01 16:21
VLAI
EPSS
Title
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Summary
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
4 references
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30922",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T20:16:18.738732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T20:17:53.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-01T16:21:04.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/20/4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pyasn1",
"vendor": "pyasn1",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T02:29:45.857Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
},
{
"name": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
}
],
"source": {
"advisory": "GHSA-jr27-m4p2-rc6r",
"discovery": "UNKNOWN"
},
"title": "pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30922",
"datePublished": "2026-03-18T02:29:45.857Z",
"dateReserved": "2026-03-07T16:40:05.884Z",
"dateUpdated": "2026-05-01T16:21:04.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-30922",
"date": "2026-06-17",
"epss": "0.0058",
"percentile": "0.43083"
}
}
}
SUSE-SU-2026:1158-1
Vulnerability from csaf_suse - Published: 2026-03-31 11:55 - Updated: 2026-03-31 11:55
Summary
Security update for python-pyasn1
Severity
Important
Notes
Title of the patch: Security update for python-pyasn1
Description of the patch: This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
Patchnames: SUSE-2026-1158,SUSE-SLE-Micro-5.3-2026-1158,SUSE-SLE-Micro-5.4-2026-1158,SUSE-SLE-Micro-5.5-2026-1158,SUSE-SLE-Module-Basesystem-15-SP7-2026-1158,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1158,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1158,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1158,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1158,SUSE-SUSE-MicroOS-5.2-2026-1158
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch | — | | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issues:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1158,SUSE-SLE-Micro-5.3-2026-1158,SUSE-SLE-Micro-5.4-2026-1158,SUSE-SLE-Micro-5.5-2026-1158,SUSE-SLE-Module-Basesystem-15-SP7-2026-1158,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1158,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1158,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1158,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1158,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1158,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1158,SUSE-SUSE-MicroOS-5.2-2026-1158",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1158-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1158-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261158-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1158-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045194.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-31T11:55:53Z",
"generator": {
"date": "2026-03-31T11:55:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1158-1",
"initial_release_date": "2026-03-31T11:55:53Z",
"revision_history": [
{
"date": "2026-03-31T11:55:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-pyasn1-0.4.2-150000.3.16.1.noarch",
"product": {
"name": "python2-pyasn1-0.4.2-150000.3.16.1.noarch",
"product_id": "python2-pyasn1-0.4.2-150000.3.16.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"product": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"product_id": "python3-pyasn1-0.4.2-150000.3.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyasn1-0.4.2-150000.3.16.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
},
"product_reference": "python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python3-pyasn1-0.4.2-150000.3.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python3-pyasn1-0.4.2-150000.3.16.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-31T11:55:53Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20821-1
Vulnerability from csaf_suse - Published: 2026-03-24 09:09 - Updated: 2026-03-24 09:09
Summary
Security update for python-pyasn1
Severity
Important
Notes
Title of the patch: Security update for python-pyasn1
Description of the patch: This update for python-pyasn1 fixes the following issue:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
Patchnames: SUSE-SLE-Micro-6.0-637
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch | | — | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-637",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20821-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20821-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620821-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20821-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024900.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-24T09:09:54Z",
"generator": {
"date": "2026-03-24T09:09:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20821-1",
"initial_release_date": "2026-03-24T09:09:54Z",
"revision_history": [
{
"date": "2026-03-24T09:09:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.5.0-4.1.noarch",
"product": {
"name": "python311-pyasn1-0.5.0-4.1.noarch",
"product_id": "python311-pyasn1-0.5.0-4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-4.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:python311-pyasn1-0.5.0-4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-24T09:09:54Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20835-1
Vulnerability from csaf_suse - Published: 2026-03-25 03:09 - Updated: 2026-03-25 03:09
Summary
Security update for python-pyasn1
Severity
Important
Notes
Title of the patch: Security update for python-pyasn1
Description of the patch: This update for python-pyasn1 fixes the following issue:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
Patchnames: SUSE-SL-Micro-6.2-438
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch | | — | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-438",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20835-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20835-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620835-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20835-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025002.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-25T03:09:46Z",
"generator": {
"date": "2026-03-25T03:09:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20835-1",
"initial_release_date": "2026-03-25T03:09:46Z",
"revision_history": [
{
"date": "2026-03-25T03:09:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"product": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"product_id": "python313-pyasn1-0.6.1-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
},
"product_reference": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:09:46Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20878-1
Vulnerability from csaf_suse - Published: 2026-03-25 09:44 - Updated: 2026-03-25 09:44
Summary
Security update for python-pyasn1
Severity
Important
Notes
Title of the patch: Security update for python-pyasn1
Description of the patch: This update for python-pyasn1 fixes the following issue:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
Patchnames: SUSE-SLE-Micro-6.1-461
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch | | — | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-461",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20878-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20878-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620878-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20878-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025053.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-25T09:44:19Z",
"generator": {
"date": "2026-03-25T09:44:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20878-1",
"initial_release_date": "2026-03-25T09:44:19Z",
"revision_history": [
{
"date": "2026-03-25T09:44:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch",
"product": {
"name": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch",
"product_id": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
},
"product_reference": "python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:python311-pyasn1-0.5.0-slfo.1.1_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T09:44:19Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
SUSE-SU-2026:20929-1
Vulnerability from csaf_suse - Published: 2026-03-25 03:09 - Updated: 2026-03-25 03:09
Summary
Security update for python-pyasn1
Severity
Important
Notes
Title of the patch: Security update for python-pyasn1
Description of the patch: This update for python-pyasn1 fixes the following issue:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
Patchnames: SUSE-SLES-16.0-438
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch | | — | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch | | — | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyasn1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyasn1 fixes the following issue:\n\n- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-438",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20929-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20929-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620929-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20929-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045223.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259803",
"url": "https://bugzilla.suse.com/1259803"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30922 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30922/"
}
],
"title": "Security update for python-pyasn1",
"tracking": {
"current_release_date": "2026-03-25T03:09:46Z",
"generator": {
"date": "2026-03-25T03:09:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20929-1",
"initial_release_date": "2026-03-25T03:09:46Z",
"revision_history": [
{
"date": "2026-03-25T03:09:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"product": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"product_id": "python313-pyasn1-0.6.1-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch"
},
"product_reference": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyasn1-0.6.1-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch"
},
"product_reference": "python313-pyasn1-0.6.1-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-30922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30922"
}
],
"notes": [
{
"category": "general",
"text": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30922",
"url": "https://www.suse.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "SUSE Bug 1259803 for CVE-2026-30922",
"url": "https://bugzilla.suse.com/1259803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyasn1-0.6.1-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:09:46Z",
"details": "important"
}
],
"title": "CVE-2026-30922"
}
]
}
WID-SEC-W-2026-0935
Vulnerability from csaf_certbund - Published: 2026-03-31 22:00 - Updated: 2026-06-16 22:00
Summary
Red Hat Ansible Automation Platform: Multiple vulnerabilities
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Red Hat Ansible Automation Platform is an end-to-end automation platform for system configuration, software deployment, and the orchestration of advanced workflows.
Attack: A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Ansible Automation Platform to carry out a denial-of-service attack, execute arbitrary code, bypass security measures, manipulate data, disclose confidential information, or carry out cross-site scripting attacks.
Affected operating systems:
- Other
- UNIX
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux 10.0 Extended Update Support (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:10.0_extended_update_support | 10.0 Extended Update Support | |
| Red Hat Ansible Automation Platform 2.6 (Red Hat / Ansible Automation Platform) | cpe:/a:redhat:ansible_automation_platform:2.6 | 2.6 | |
| Red Hat OpenShift Network Observability 1.11.2 (Red Hat / OpenShift) | cpe:/a:redhat:openshift:network_observability_1.11.2 | Network Observability 1.11.2 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Red Hat OpenShift Container Platform <4.15.64 (Red Hat / OpenShift) | | Container Platform <4.15.64 | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| HCL BigFix WebUI (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | WebUI | |
| Red Hat OpenShift Migration Toolkit for Containers (Red Hat / OpenShift) | cpe:/a:redhat:openshift:migration_toolkit_for_containers | Migration Toolkit for Containers | |
| RESF Rocky Linux (RESF) | cpe:/o:resf:rocky_linux:- | — | |
| Fedora Linux (Fedora) | cpe:/o:fedoraproject:fedora:- | — | |
| Red Hat Enterprise Linux 8.8 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:8.8 | 8.8 | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| IBM App Connect Enterprise (IBM) | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Red Hat Ansible Automation Platform <2.5 (Red Hat / Ansible Automation Platform) | | <2.5 | |
| Red Hat Ansible Automation Platform <2.6 (Red Hat / Ansible Automation Platform) | | <2.6 | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
| Red Hat Ansible Automation Platform 2.5 (Red Hat / Ansible Automation Platform) | cpe:/a:redhat:ansible_automation_platform:2.5 | 2.5 | |
| IBM DB2 (IBM) | cpe:/a:ibm:db2:- | — | |
References
72 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0935 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0935.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0935 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6404 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6404"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6278 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6278"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3215 vom 2026-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3215.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20929-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025088.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5910 vom 2026-04-02",
"url": "https://access.redhat.com/errata/RHSA-2026:5910"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21021-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025209.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8218 vom 2026-04-15",
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7269544 vom 2026-04-15",
"url": "https://www.ibm.com/support/pages/node/7269544"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8490 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8437 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10184 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10093 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:10093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12176 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12176"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11916 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11856 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-12176 vom 2026-05-01",
"url": "http://linux.oracle.com/errata/ELSA-2026-12176.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13553 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13508 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13508"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13512 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13545 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13826 vom 2026-05-05",
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13917 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13917"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13916 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13916"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13672 vom 2026-05-06",
"url": "https://errata.build.resf.org/RLSA-2026:13672"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13902 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13902"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13916 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13916.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13902 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13902"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14020 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13917 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13917.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-85B819B928 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-85b819b928"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13916 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14873 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14873"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14874 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14874"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13902 vom 2026-05-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-13902.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-301CBBE347 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-301cbbe347"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-793B55138D vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-793b55138d"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13917 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13917"
},
{
"category": "external",
"summary": "HCL Security Bulletin",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130587"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4579 vom 2026-05-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00023.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16535 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:15091 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14774 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17083 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17083"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16874 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273312 vom 2026-05-18",
"url": "https://www.ibm.com/support/pages/node/7273312"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19138 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19138"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19355 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19355"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19375 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19712 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20588 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20588"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21431 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21431"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21517 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22131 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22131"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22134 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22135 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22135"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22133 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22132 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22132"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22330 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22330"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22465 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22970 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22970"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22969 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22969"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22987 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22987"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24761 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24977 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24762 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25041 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26214 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26211 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26211"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:00:13.440+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0935",
"initial_release_date": "2026-03-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat, Amazon und SUSE aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora, Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-05-10T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI",
"product": {
"name": "HCL BigFix WebUI",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T051349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T048379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
}
}
},
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "849D5C3D-731E-4D19-801F-338FD159A1BB",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.5",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.5",
"product_id": "T052317"
}
},
{
"category": "product_version",
"name": "2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "T052317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.6",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.6",
"product_id": "T052318"
}
},
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "T052318-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10.0 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"product_id": "T054024",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support"
}
}
},
{
"category": "product_version",
"name": "8.8",
"product": {
"name": "Red Hat Enterprise Linux 8.8",
"product_id": "T054696",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.64",
"product_id": "T054018"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.64",
"product_id": "T054018-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.64"
}
}
},
{
"category": "product_version",
"name": "Network Observability 1.11.2",
"product": {
"name": "Red Hat OpenShift Network Observability 1.11.2",
"product_id": "T054021",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:network_observability_1.11.2"
}
}
},
{
"category": "product_version",
"name": "Migration Toolkit for Containers",
"product": {
"name": "Red Hat OpenShift Migration Toolkit for Containers",
"product_id": "T055205",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:migration_toolkit_for_containers"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69223",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-69223"
},
{
"cve": "CVE-2025-69873",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-69873"
},
{
"cve": "CVE-2026-25639",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-25639"
},
{
"cve": "CVE-2026-25990",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-25990"
},
{
"cve": "CVE-2026-29074",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-29074"
},
{
"cve": "CVE-2026-30827",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-30827"
},
{
"cve": "CVE-2026-30922",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-30922"
},
{
"cve": "CVE-2026-26007",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-26007"
},
{
"cve": "CVE-2026-1615",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-28498",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-28498"
},
{
"cve": "CVE-2026-28802",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-28802"
}
]
}
WID-SEC-W-2026-1007
Vulnerability from csaf_certbund - Published: 2026-04-07 22:00 - Updated: 2026-06-11 22:00
Summary
IBM App Connect Enterprise: Multiple Vulnerabilities
Severity
High
Notes
As the provider, the BSI is responsible under general law for its own content that it makes available for use. Users are nevertheless responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description: IBM App Connect Enterprise combines the industry-proven technologies of IBM Integration Bus with cloud-native technologies.
Attack: An attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to bypass security measures, carry out a denial-of-service attack, disclose information, manipulate files, carry out a cross-site scripting attack, carry out an SQL injection attack, and execute arbitrary code.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux 10.0 Extended Update Support (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:10.0_extended_update_support | 10.0 Extended Update Support | |
| IBM App Connect Enterprise (IBM / App Connect Enterprise) | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| IBM App Connect Enterprise <13.0.7.1 (IBM / App Connect Enterprise) | | <13.0.7.1 | |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
References
14 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, um einen SQL-Injection Angriff durchzuf\u00fchren, und um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1007 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1007.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1007 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1007"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268737 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268737"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268738 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268738"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268740 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268740"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268741 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268741"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268743 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268743"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268744 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268744"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268745 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268745"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268747 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268747"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14087 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14087"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17083 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17083"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274746 vom 2026-06-01",
"url": "https://www.ibm.com/support/pages/node/7274746"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7275963 vom 2026-06-11",
"url": "https://www.ibm.com/support/pages/node/7275963"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-11T22:00:00.000+00:00",
"generator": {
"date": "2026-06-12T07:37:37.117+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1007",
"initial_release_date": "2026-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.7.1",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.7.1",
"product_id": "2F33676F-DD00-4E4F-ADCC-F29993D51A12"
}
},
{
"category": "product_version",
"name": "13.0.7.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.7.1",
"product_id": "2F33676F-DD00-4E4F-ADCC-F29993D51A12-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.7.1"
}
}
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T052517",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10.0 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"product_id": "T054024",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14550",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-14550"
},
{
"cve": "CVE-2025-14831",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-14831"
},
{
"cve": "CVE-2025-15281",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15281"
},
{
"cve": "CVE-2025-15366",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15366"
},
{
"cve": "CVE-2025-15367",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15367"
},
{
"cve": "CVE-2025-15599",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15599"
},
{
"cve": "CVE-2025-55130",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-55130"
},
{
"cve": "CVE-2025-55131",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-55131"
},
{
"cve": "CVE-2025-55132",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-55132"
},
{
"cve": "CVE-2025-59465",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-59465"
},
{
"cve": "CVE-2025-59466",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-59466"
},
{
"cve": "CVE-2025-68470",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-68470"
},
{
"cve": "CVE-2025-9820",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-9820"
},
{
"cve": "CVE-2026-0540",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0540"
},
{
"cve": "CVE-2026-0861",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0861"
},
{
"cve": "CVE-2026-0915",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0915"
},
{
"cve": "CVE-2026-0980",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0980"
},
{
"cve": "CVE-2026-1207",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1207"
},
{
"cve": "CVE-2026-1285",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1285"
},
{
"cve": "CVE-2026-1287",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1287"
},
{
"cve": "CVE-2026-1299",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1299"
},
{
"cve": "CVE-2026-1312",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1312"
},
{
"cve": "CVE-2026-1530",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1530"
},
{
"cve": "CVE-2026-1531",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1531"
},
{
"cve": "CVE-2026-1961",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1961"
},
{
"cve": "CVE-2026-21637",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-22029",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-22029"
},
{
"cve": "CVE-2026-23490",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-23490"
},
{
"cve": "CVE-2026-2436",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-2436"
},
{
"cve": "CVE-2026-25518",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-25518"
},
{
"cve": "CVE-2026-27137",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-27137"
},
{
"cve": "CVE-2026-27138",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-27138"
},
{
"cve": "CVE-2026-27959",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-27959"
},
{
"cve": "CVE-2026-29063",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-29063"
},
{
"cve": "CVE-2026-29087",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-29087"
},
{
"cve": "CVE-2026-30922",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-30922"
},
{
"cve": "CVE-2026-3632",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3632"
},
{
"cve": "CVE-2026-3633",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3633"
},
{
"cve": "CVE-2026-3634",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3634"
},
{
"cve": "CVE-2026-3731",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3731"
},
{
"cve": "CVE-2026-4271",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-4271"
},
{
"cve": "CVE-2026-4324",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-4324"
},
{
"cve": "CVE-2026-5119",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-5119"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.