Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-3587 (GCVE-0-2013-3587)
Vulnerability from cvelistv5 – Published: 2020-02-21 17:11 – Updated: 2024-08-06 16:14
VLAI?
EPSS
Summary
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HTTPS protocol |
Affected:
all
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://breachattack.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/254895"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HTTPS protocol",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2012-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-10T00:06:26",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://breachattack.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/254895"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HTTPS protocol",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"url": "http://breachattack.com/"
},
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"url": "https://hackerone.com/reports/254895"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3587",
"datePublished": "2020-02-21T17:11:47",
"dateReserved": "2013-05-21T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.1.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"79618AB4-7A8E-4488-8608-57EC2F8681FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"57AB5137-9797-4BA3-8725-40494DA8FFB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"0ACC0695-E62E-4748-AA8A-46772EB8C83C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCF89E7C-806E-4800-BAA9-0225433B6C56\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.3.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"59217FC1-AFB3-479F-A369-9C7FB3DD29F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"93212B86-21EA-4340-9149-E58F65285C15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C4E5F36-434B-48E1-9715-4EEC22FB23D1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"0FCA781F-8728-4ECB-85D1-1E0AE4EEFC2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"25944BCA-3EEB-4396-AC8F-EF58834BC47E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34D75E7F-B65F-421D-92EE-6B20756019C2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.4.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"70FB5FD7-4B96-438C-AAD3-D2E128DAA8BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D75D5AD-C20A-4D94-84E0-E695C9D2A26D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.2.0\", \"versionEndIncluding\": \"9.4.8\", \"matchCriteriaId\": \"6034A531-6A0E-4086-A76F-91C3F62C7994\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"667D3780-3949-41AC-83DE-5BCB8B36C382\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"FDDD9D77-12B6-40F4-B819-2515D357A91A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"7CB146EF-CCAB-4194-9735-F8909E283308\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7569977A-E567-4115-B00C-4B0CBA86582E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.1.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"A8347412-DC42-4B86-BF6E-A44A5E1541ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.3.0\", \"matchCriteriaId\": \"C8942D9D-8E3A-4876-8E93-ED8D201FF546\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.2.2\", \"versionEndIncluding\": \"9.4.8\", \"matchCriteriaId\": \"E27C5743-4F94-4A1C-AD8C-25D29B65BF95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"1D413BDC-8B60-494A-A218-75EAF09D1495\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2C4414E-8016-48B5-8CC3-F97FF2D85922\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndIncluding\": \"9.6.1\", \"matchCriteriaId\": \"5F293F06-4601-4074-A695-2C229CF8D126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"439927F5-ECDA-4DD8-BA75-97E55C9E584F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"C1F5FF67-5D17-4760-AFDC-4234EC1E6306\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA7D64DC-7271-4617-BD46-99C8246779CA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.3.0\", \"versionEndIncluding\": \"11.6.1\", \"matchCriteriaId\": \"632BD15C-04E6-4FD9-9410-6DE9E48F926A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.2\", \"matchCriteriaId\": \"BDE77CCE-7F97-48EA-A9D3-090B1481616F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42821916-E601-4831-B37B-3202ACF2C562\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.4.5\", \"versionEndIncluding\": \"9.4.8\", \"matchCriteriaId\": \"5522F58E-C4EA-40B4-8F44-3E95315D37EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"2C0B4C01-C71E-4E35-B63A-68395984E033\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.4.1\", \"matchCriteriaId\": \"9828CBA5-BB72-46E2-987D-633A5B3E2AFF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.3.0\", \"matchCriteriaId\": \"68BC025A-D45E-45FB-A4E4-1C89320B5BBE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.4.0\", \"versionEndIncluding\": \"9.4.8\", \"matchCriteriaId\": \"3F383EBC-4739-4514-9EC0-BE17AC453735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndIncluding\": \"10.2.4\", \"matchCriteriaId\": \"AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.3.0\", \"matchCriteriaId\": \"7C75978B-566B-4353-8716-099CB8790EE0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.1.0\", \"matchCriteriaId\": \"15CE213B-F42C-4C2E-AFBD-852AB049FF8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"442D343A-973B-4C33-B99B-1EA2B7670DE5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndIncluding\": \"5.3.1\", \"matchCriteriaId\": \"794651B6-E22C-4A6F-9B1F-AA94BEDD44FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.4.0\", \"matchCriteriaId\": \"F20E6644-F925-4283-AD92-7B0696F52310\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \\\"BREACH\\\" attack, a different issue than CVE-2012-4929.\"}, {\"lang\": \"es\", \"value\": \"El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo \\\"man-in-the-middle\\\" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, tambi\\u00e9n se conoce como ataque \\\"BREACH\\\", un problema diferente de CVE-2012-4929.\"}]",
"id": "CVE-2013-3587",
"lastModified": "2024-11-21T01:53:56.283",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-02-21T18:15:11.427",
"references": "[{\"url\": \"http://breachattack.com/\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://github.com/meldium/breach-mitigation-rails\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://slashdot.org/story/13/08/05/233216\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/987798\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=995168\", \"source\": \"cret@cert.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/254895\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://support.f5.com/csp/article/K14634\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.blackhat.com/us-13/briefings.html#Prado\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://breachattack.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://github.com/meldium/breach-mitigation-rails\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://slashdot.org/story/13/08/05/233216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/987798\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=995168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/254895\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.f5.com/csp/article/K14634\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.blackhat.com/us-13/briefings.html#Prado\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-3587\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2020-02-21T18:15:11.427\",\"lastModified\":\"2024-11-21T01:53:56.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \\\"BREACH\\\" attack, a different issue than CVE-2012-4929.\"},{\"lang\":\"es\",\"value\":\"El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo \\\"man-in-the-middle\\\" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, tambi\u00e9n se conoce como ataque \\\"BREACH\\\", un problema diferente de CVE-2012-4929.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"79618AB4-7A8E-4488-8608-57EC2F8681FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"57AB5137-9797-4BA3-8725-40494DA8FFB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"0ACC0695-E62E-4748-AA8A-46772EB8C83C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCF89E7C-806E-4800-BAA9-0225433B6C56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"59217FC1-AFB3-479F-A369-9C7FB3DD29F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"93212B86-21EA-4340-9149-E58F65285C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4E5F36-434B-48E1-9715-4EEC22FB23D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"0FCA781F-8728-4ECB-85D1-1E0AE4EEFC2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"25944BCA-3EEB-4396-AC8F-EF58834BC47E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34D75E7F-B65F-421D-92EE-6B20756019C2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.4.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"70FB5FD7-4B96-438C-AAD3-D2E128DAA8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D75D5AD-C20A-4D94-84E0-E695C9D2A26D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"6034A531-6A0E-4086-A76F-91C3F62C7994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"667D3780-3949-41AC-83DE-5BCB8B36C382\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"FDDD9D77-12B6-40F4-B819-2515D357A91A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"7CB146EF-CCAB-4194-9735-F8909E283308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569977A-E567-4115-B00C-4B0CBA86582E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"A8347412-DC42-4B86-BF6E-A44A5E1541ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"C8942D9D-8E3A-4876-8E93-ED8D201FF546\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.2\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"E27C5743-4F94-4A1C-AD8C-25D29B65BF95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"1D413BDC-8B60-494A-A218-75EAF09D1495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C4414E-8016-48B5-8CC3-F97FF2D85922\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.6.1\",\"matchCriteriaId\":\"5F293F06-4601-4074-A695-2C229CF8D126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"439927F5-ECDA-4DD8-BA75-97E55C9E584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"C1F5FF67-5D17-4760-AFDC-4234EC1E6306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7D64DC-7271-4617-BD46-99C8246779CA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"632BD15C-04E6-4FD9-9410-6DE9E48F926A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"BDE77CCE-7F97-48EA-A9D3-090B1481616F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42821916-E601-4831-B37B-3202ACF2C562\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.5\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"5522F58E-C4EA-40B4-8F44-3E95315D37EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"2C0B4C01-C71E-4E35-B63A-68395984E033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.4.1\",\"matchCriteriaId\":\"9828CBA5-BB72-46E2-987D-633A5B3E2AFF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"68BC025A-D45E-45FB-A4E4-1C89320B5BBE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"3F383EBC-4739-4514-9EC0-BE17AC453735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"7C75978B-566B-4353-8716-099CB8790EE0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.1.0\",\"matchCriteriaId\":\"15CE213B-F42C-4C2E-AFBD-852AB049FF8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442D343A-973B-4C33-B99B-1EA2B7670DE5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.3.1\",\"matchCriteriaId\":\"794651B6-E22C-4A6F-9B1F-AA94BEDD44FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.4.0\",\"matchCriteriaId\":\"F20E6644-F925-4283-AD92-7B0696F52310\"}]}]}],\"references\":[{\"url\":\"http://breachattack.com/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://github.com/meldium/breach-mitigation-rails\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://slashdot.org/story/13/08/05/233216\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/987798\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=995168\",\"source\":\"cret@cert.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/254895\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E\",\"source\":\"cret@cert.org\"},{\"url\":\"https://support.f5.com/csp/article/K14634\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.blackhat.com/us-13/briefings.html#Prado\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://breachattack.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://github.com/meldium/breach-mitigation-rails\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://slashdot.org/story/13/08/05/233216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/987798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=995168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/254895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/csp/article/K14634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.blackhat.com/us-13/briefings.html#Prado\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GHSA-HH3M-FGXM-FQ25
Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2024-04-03 23:58
VLAI?
Details
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Severity ?
5.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2013-3587"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-21T18:15:00Z",
"severity": "MODERATE"
},
"details": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \u0026quot;BREACH\u0026quot; attack, a different issue than CVE-2012-4929.",
"id": "GHSA-hh3m-fgxm-fq25",
"modified": "2024-04-03T23:58:19Z",
"published": "2022-05-05T00:29:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3587"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/254895"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"type": "WEB",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django"
},
{
"type": "WEB",
"url": "http://breachattack.com"
},
{
"type": "WEB",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"type": "WEB",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"type": "WEB",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"type": "WEB",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/987798"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2013-3587
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-3587",
"description": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.",
"id": "GSD-2013-3587",
"references": [
"https://www.suse.com/security/cve/CVE-2013-3587.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-3587"
],
"details": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.",
"id": "GSD-2013-3587",
"modified": "2023-12-13T01:22:22.818313Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HTTPS protocol",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"url": "http://breachattack.com/"
},
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"url": "https://hackerone.com/reports/254895"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.4.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.3.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://breachattack.com/"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/254895"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-01T19:44Z",
"publishedDate": "2020-02-21T18:15Z"
}
}
}
WID-SEC-W-2024-2086
Vulnerability from csaf_certbund - Published: 2024-09-09 22:00 - Updated: 2024-09-09 22:00Summary
SAP Patchday September 2024
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2086 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2086.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2086 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2086"
},
{
"category": "external",
"summary": "SAP Security Patch Day \u2013 September 2024 vom 2024-09-09",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2024",
"tracking": {
"current_release_date": "2024-09-09T22:00:00.000+00:00",
"generator": {
"date": "2024-09-10T10:03:41.307+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2086",
"initial_release_date": "2024-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T031077",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2023-0215",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2024-33003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-33003"
},
{
"cve": "CVE-2024-41728",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-41730",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41730"
},
{
"cve": "CVE-2024-42371",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45286"
}
]
}
NCSC-2024-0378
Vulnerability from csaf_ncscnl - Published: 2024-09-19 11:37 - Updated: 2024-09-19 11:37Summary
Kwetsbaarheden verholpen in SAP producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site Scripting (XSS)
- Omzeilen van authenticatie
- Omzeilen van beveiligingsmaatregel
- Uitvoer van willekeurige code (gebruikersrechten)
- Toegang tot gevoelige gegevens
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
CWE-426
Untrusted Search Path
CWE-256
Plaintext Storage of a Password
CWE-325
Missing Cryptographic Step
CWE-862
Missing Authorization
CWE-863
Incorrect Authorization
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site Scripting (XSS)\n- Omzeilen van authenticatie\n- Omzeilen van beveiligingsmaatregel\n- Uitvoer van willekeurige code (gebruikersrechten)\n- Toegang tot gevoelige gegevens",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Exposure of Sensitive Information Due to Incompatible Policies",
"title": "CWE-213"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - sap",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP producten",
"tracking": {
"current_release_date": "2024-09-19T11:37:39.757598Z",
"id": "NCSC-2024-0378",
"initial_release_date": "2024-09-19T11:37:39.757598Z",
"revision_history": [
{
"date": "2024-09-19T11:37:39.757598Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637389",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637390",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496469",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496470",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496473",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496474",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496475",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496476",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496477",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496478",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496480",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "businessobjects_business_intelligence_platform",
"product": {
"name": "businessobjects_business_intelligence_platform",
"product_id": "CSAFPID-55202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_cloud",
"product": {
"name": "commerce_cloud",
"product_id": "CSAFPID-382448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173007",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173009",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173010",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74446",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74454",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74442",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74453",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74434",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74449",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74432",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-340930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-1637232",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262158",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262162",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262164",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262165",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262166",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637253",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637250",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75d:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637252",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75e:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637255",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75f:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637254",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75g:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637256",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75h:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637251",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75i:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_as_for_java",
"product": {
"name": "netweaver_as_for_java",
"product_id": "CSAFPID-164614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_as_for_java:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_as_java",
"product": {
"name": "netweaver_as_java",
"product_id": "CSAFPID-837776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_as_java:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637280",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637282",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637278",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637283",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637284",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637276",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637281",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637279",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637273",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637275",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637285",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637288",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637277",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637272",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_enterprise_portal",
"product": {
"name": "netweaver_enterprise_portal",
"product_id": "CSAFPID-55577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642797",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642798",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642800",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642801",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642802",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642805",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642806",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637375",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637376",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637377",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637378",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637379",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637380",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637381",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637382",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637384",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637386",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637388",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637260",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637267",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_616:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637266",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637263",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637264",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637265",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_801:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637259",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637268",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637270",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637269",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap",
"product": {
"name": "sap",
"product_id": "CSAFPID-1498297",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:sap:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1614510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1637289",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475932",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475933",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475927",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475931",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475928",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475934",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475929",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "sap"
},
{
"branches": [
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637074",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637075",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637076",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637077",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637081",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637088",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_businessobjects_business_intelligence_platform",
"product": {
"name": "sap_businessobjects_business_intelligence_platform",
"product_id": "CSAFPID-1464457",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637153",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637154",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637155",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637158",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637159",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637162",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637164",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637165",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637166",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637167",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637144",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637145",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637146",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75d:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637147",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75e:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637148",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75f:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637149",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75g:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637150",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75h:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637151",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75i:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559126",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559127",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559128",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559129",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559130",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559131",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637090",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637091",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637092",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:912:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_as_for_java__destination_service_",
"product": {
"name": "sap_netweaver_as_for_java__destination_service_",
"product_id": "CSAFPID-1637194",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_as_for_java__destination_service_:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_as_java__logon_application_",
"product": {
"name": "sap_netweaver_as_java__logon_application_",
"product_id": "CSAFPID-1637152",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_as_java__logon_application_:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637097",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637098",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637099",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637103",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637104",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637105",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_enterprise_portal",
"product": {
"name": "sap_netweaver_enterprise_portal",
"product_id": "CSAFPID-1550602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637171",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637172",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637173",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_616:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637174",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637175",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637176",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637177",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_801:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637178",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637179",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637180",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637168",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637169",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637170",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4_hana__statutory_reports_",
"product": {
"name": "sap_s_4_hana__statutory_reports_",
"product_id": "CSAFPID-1637136",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4_hana__statutory_reports_:900:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_102:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_103:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_104:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_105:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637117",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637118",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614213",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614214",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1637190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614215",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614217",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614218",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614219",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614220",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614221",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:808:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "sap_se"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498297",
"CSAFPID-382448"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2013-3587",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2013/CVE-2013-3587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1498297",
"CSAFPID-382448"
]
}
],
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2024-41728",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41728",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637093",
"CSAFPID-1637094",
"CSAFPID-1637095",
"CSAFPID-1637096",
"CSAFPID-1637097",
"CSAFPID-1637098",
"CSAFPID-1637099",
"CSAFPID-1637100",
"CSAFPID-1637101",
"CSAFPID-1637102",
"CSAFPID-1637103",
"CSAFPID-1637104",
"CSAFPID-1637105",
"CSAFPID-1637106",
"CSAFPID-1637107",
"CSAFPID-1637108",
"CSAFPID-1637109",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41729",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41729.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637093",
"CSAFPID-1637094",
"CSAFPID-1637095",
"CSAFPID-1637096",
"CSAFPID-1637097",
"CSAFPID-1637098",
"CSAFPID-1637099",
"CSAFPID-1637100",
"CSAFPID-1637101",
"CSAFPID-1637102",
"CSAFPID-1637103",
"CSAFPID-1637104",
"CSAFPID-1637105",
"CSAFPID-1637106",
"CSAFPID-1637107",
"CSAFPID-1637108",
"CSAFPID-1637109",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-42371",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42371",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637110",
"CSAFPID-1637111",
"CSAFPID-1637112",
"CSAFPID-1637113",
"CSAFPID-1637114",
"CSAFPID-1637115",
"CSAFPID-1637116",
"CSAFPID-1637117",
"CSAFPID-1637118",
"CSAFPID-1637119",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637110",
"CSAFPID-1637111",
"CSAFPID-1637112",
"CSAFPID-1637113",
"CSAFPID-1637114",
"CSAFPID-1637115",
"CSAFPID-1637116",
"CSAFPID-1637117",
"CSAFPID-1637118",
"CSAFPID-1637119",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42380",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42380.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637153",
"CSAFPID-1637154",
"CSAFPID-1637155",
"CSAFPID-1637156",
"CSAFPID-1637157",
"CSAFPID-1637158",
"CSAFPID-1637159",
"CSAFPID-1637160",
"CSAFPID-1637161",
"CSAFPID-1637162",
"CSAFPID-1637163",
"CSAFPID-1637164",
"CSAFPID-1637165",
"CSAFPID-1637166",
"CSAFPID-1637167",
"CSAFPID-1498297",
"CSAFPID-1642792",
"CSAFPID-1642793",
"CSAFPID-1642794",
"CSAFPID-1642795",
"CSAFPID-1642796",
"CSAFPID-1642797",
"CSAFPID-1642798",
"CSAFPID-1642799",
"CSAFPID-1642800",
"CSAFPID-1642801",
"CSAFPID-1642802",
"CSAFPID-1642803",
"CSAFPID-1642804",
"CSAFPID-1642805",
"CSAFPID-1642806"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44112",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44112.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637153",
"CSAFPID-1637154",
"CSAFPID-1637155",
"CSAFPID-1637156",
"CSAFPID-1637157",
"CSAFPID-1637158",
"CSAFPID-1637159",
"CSAFPID-1637160",
"CSAFPID-1637161",
"CSAFPID-1637162",
"CSAFPID-1637163",
"CSAFPID-1637164",
"CSAFPID-1637165",
"CSAFPID-1637166",
"CSAFPID-1637167",
"CSAFPID-1498297",
"CSAFPID-1642792",
"CSAFPID-1642793",
"CSAFPID-1642794",
"CSAFPID-1642795",
"CSAFPID-1642796",
"CSAFPID-1642797",
"CSAFPID-1642798",
"CSAFPID-1642799",
"CSAFPID-1642800",
"CSAFPID-1642801",
"CSAFPID-1642802",
"CSAFPID-1642803",
"CSAFPID-1642804",
"CSAFPID-1642805",
"CSAFPID-1642806"
]
}
],
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637073",
"CSAFPID-1637074",
"CSAFPID-1637075",
"CSAFPID-1637076",
"CSAFPID-1637077",
"CSAFPID-1637078",
"CSAFPID-1637079",
"CSAFPID-1637080",
"CSAFPID-1637081",
"CSAFPID-1637082",
"CSAFPID-1637083",
"CSAFPID-1637084",
"CSAFPID-1637085",
"CSAFPID-1637086",
"CSAFPID-1637087",
"CSAFPID-1637088",
"CSAFPID-1637089",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44113",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44113.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637073",
"CSAFPID-1637074",
"CSAFPID-1637075",
"CSAFPID-1637076",
"CSAFPID-1637077",
"CSAFPID-1637078",
"CSAFPID-1637079",
"CSAFPID-1637080",
"CSAFPID-1637081",
"CSAFPID-1637082",
"CSAFPID-1637083",
"CSAFPID-1637084",
"CSAFPID-1637085",
"CSAFPID-1637086",
"CSAFPID-1637087",
"CSAFPID-1637088",
"CSAFPID-1637089",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44115",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44116",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44116.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44117",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44117.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1550602",
"CSAFPID-55577",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44120",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44120.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1550602",
"CSAFPID-55577",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information Due to Incompatible Policies",
"title": "CWE-213"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637136",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44121",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44121.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637136",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637137",
"CSAFPID-1637138",
"CSAFPID-1637139",
"CSAFPID-1637140",
"CSAFPID-1637141",
"CSAFPID-1637142",
"CSAFPID-1637143",
"CSAFPID-1637144",
"CSAFPID-1637145",
"CSAFPID-1637146",
"CSAFPID-1637147",
"CSAFPID-1637148",
"CSAFPID-1637149",
"CSAFPID-1637150",
"CSAFPID-1637151",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45279",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45279.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637137",
"CSAFPID-1637138",
"CSAFPID-1637139",
"CSAFPID-1637140",
"CSAFPID-1637141",
"CSAFPID-1637142",
"CSAFPID-1637143",
"CSAFPID-1637144",
"CSAFPID-1637145",
"CSAFPID-1637146",
"CSAFPID-1637147",
"CSAFPID-1637148",
"CSAFPID-1637149",
"CSAFPID-1637150",
"CSAFPID-1637151",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637152",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637152",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464457",
"CSAFPID-55202",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45281",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45281.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1464457",
"CSAFPID-55202",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "other",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637194",
"CSAFPID-164614",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45283",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45283.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637194",
"CSAFPID-164614",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1614213",
"CSAFPID-1614214",
"CSAFPID-1637190",
"CSAFPID-1614215",
"CSAFPID-1614216",
"CSAFPID-1614217",
"CSAFPID-1614218",
"CSAFPID-1614219",
"CSAFPID-1614220",
"CSAFPID-1614221",
"CSAFPID-1614510",
"CSAFPID-1475927",
"CSAFPID-1475928",
"CSAFPID-1475929",
"CSAFPID-1475930",
"CSAFPID-1475931",
"CSAFPID-1475932",
"CSAFPID-1475933",
"CSAFPID-1475934",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45284",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45284.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1614213",
"CSAFPID-1614214",
"CSAFPID-1637190",
"CSAFPID-1614215",
"CSAFPID-1614216",
"CSAFPID-1614217",
"CSAFPID-1614218",
"CSAFPID-1614219",
"CSAFPID-1614220",
"CSAFPID-1614221",
"CSAFPID-1614510",
"CSAFPID-1475927",
"CSAFPID-1475928",
"CSAFPID-1475929",
"CSAFPID-1475930",
"CSAFPID-1475931",
"CSAFPID-1475932",
"CSAFPID-1475933",
"CSAFPID-1475934",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45285",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45285.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637168",
"CSAFPID-1637169",
"CSAFPID-1637170",
"CSAFPID-1637171",
"CSAFPID-1637172",
"CSAFPID-1637173",
"CSAFPID-1637174",
"CSAFPID-1637175",
"CSAFPID-1637176",
"CSAFPID-1637177",
"CSAFPID-1637178",
"CSAFPID-1637179",
"CSAFPID-1637180",
"CSAFPID-1637181",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45286.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637168",
"CSAFPID-1637169",
"CSAFPID-1637170",
"CSAFPID-1637171",
"CSAFPID-1637172",
"CSAFPID-1637173",
"CSAFPID-1637174",
"CSAFPID-1637175",
"CSAFPID-1637176",
"CSAFPID-1637177",
"CSAFPID-1637178",
"CSAFPID-1637179",
"CSAFPID-1637180",
"CSAFPID-1637181",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45286"
}
]
}
CERTFR-2024-AVI-0754
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP pour Oil & Gas | SAP pour Oil & Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | Business Warehouse | Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA (Manage Incoming Payment Files) | S/4 HANA version 900 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de sécurité | ||
| SAP | SAP Student Life Cycle Management | Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité | ||
| SAP | Replication Server | Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de sécurité | ||
| SAP | Production et Revenue Accounting | Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA eProcurement | S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP pour Oil \u0026 Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP pour Oil \u0026 Gas",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA version 900 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Manage Incoming Payment Files)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Student Life Cycle Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Production et Revenue Accounting",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA eProcurement",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45281"
},
{
"name": "CVE-2024-44115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44115"
},
{
"name": "CVE-2024-45279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45279"
},
{
"name": "CVE-2024-44117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44117"
},
{
"name": "CVE-2024-33003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33003"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45285"
},
{
"name": "CVE-2024-45286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45286"
},
{
"name": "CVE-2024-44116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44116"
},
{
"name": "CVE-2024-44113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44113"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-44112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44112"
},
{
"name": "CVE-2024-41728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41728"
},
{
"name": "CVE-2024-42371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42371"
},
{
"name": "CVE-2024-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42380"
},
{
"name": "CVE-2024-45280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45280"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2013-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3587"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2024-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45284"
},
{
"name": "CVE-2024-44114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44114"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-44121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44121"
},
{
"name": "CVE-2024-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42378"
},
{
"name": "CVE-2024-44120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44120"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
]
}
CERTFR-2024-AVI-0754
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP pour Oil & Gas | SAP pour Oil & Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | Business Warehouse | Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA (Manage Incoming Payment Files) | S/4 HANA version 900 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de sécurité | ||
| SAP | SAP Student Life Cycle Management | Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité | ||
| SAP | Replication Server | Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de sécurité | ||
| SAP | Production et Revenue Accounting | Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA eProcurement | S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP pour Oil \u0026 Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP pour Oil \u0026 Gas",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA version 900 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Manage Incoming Payment Files)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Student Life Cycle Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Production et Revenue Accounting",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA eProcurement",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45281"
},
{
"name": "CVE-2024-44115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44115"
},
{
"name": "CVE-2024-45279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45279"
},
{
"name": "CVE-2024-44117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44117"
},
{
"name": "CVE-2024-33003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33003"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45285"
},
{
"name": "CVE-2024-45286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45286"
},
{
"name": "CVE-2024-44116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44116"
},
{
"name": "CVE-2024-44113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44113"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-44112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44112"
},
{
"name": "CVE-2024-41728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41728"
},
{
"name": "CVE-2024-42371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42371"
},
{
"name": "CVE-2024-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42380"
},
{
"name": "CVE-2024-45280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45280"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2013-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3587"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2024-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45284"
},
{
"name": "CVE-2024-44114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44114"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-44121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44121"
},
{
"name": "CVE-2024-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42378"
},
{
"name": "CVE-2024-44120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44120"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
]
}
FKIE_CVE-2013-3587
Vulnerability from fkie_nvd - Published: 2020-02-21 18:15 - Updated: 2024-11-21 01:53
Severity ?
Summary
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57AB5137-9797-4BA3-8725-40494DA8FFB2",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACC0695-E62E-4748-AA8A-46772EB8C83C",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59217FC1-AFB3-479F-A369-9C7FB3DD29F0",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93212B86-21EA-4340-9149-E58F65285C15",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA781F-8728-4ECB-85D1-1E0AE4EEFC2B",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70FB5FD7-4B96-438C-AAD3-D2E128DAA8BF",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6034A531-6A0E-4086-A76F-91C3F62C7994",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "667D3780-3949-41AC-83DE-5BCB8B36C382",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDD9D77-12B6-40F4-B819-2515D357A91A",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB146EF-CCAB-4194-9735-F8909E283308",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8942D9D-8E3A-4876-8E93-ED8D201FF546",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E27C5743-4F94-4A1C-AD8C-25D29B65BF95",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D413BDC-8B60-494A-A218-75EAF09D1495",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F293F06-4601-4074-A695-2C229CF8D126",
"versionEndIncluding": "9.6.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "439927F5-ECDA-4DD8-BA75-97E55C9E584F",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F5FF67-5D17-4760-AFDC-4234EC1E6306",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "632BD15C-04E6-4FD9-9410-6DE9E48F926A",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE77CCE-7F97-48EA-A9D3-090B1481616F",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5522F58E-C4EA-40B4-8F44-3E95315D37EA",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0B4C01-C71E-4E35-B63A-68395984E033",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9828CBA5-BB72-46E2-987D-633A5B3E2AFF",
"versionEndIncluding": "11.4.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68BC025A-D45E-45FB-A4E4-1C89320B5BBE",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F383EBC-4739-4514-9EC0-BE17AC453735",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C75978B-566B-4353-8716-099CB8790EE0",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A",
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "794651B6-E22C-4A6F-9B1F-AA94BEDD44FF",
"versionEndIncluding": "5.3.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E6644-F925-4283-AD92-7B0696F52310",
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
},
{
"lang": "es",
"value": "El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo \"man-in-the-middle\" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, tambi\u00e9n se conoce como ataque \"BREACH\", un problema diferente de CVE-2012-4929."
}
],
"id": "CVE-2013-3587",
"lastModified": "2024-11-21T01:53:56.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-21T18:15:11.427",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://breachattack.com/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/254895"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://breachattack.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/254895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-202002-0569
Vulnerability from variot - Updated: 2023-12-18 11:21The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. Compressed HTTPS By observing the length of the response, the attacker HTTPS From stream ciphertext, website authentication key, etc. (secret) Is possible to guess. Salesforce.com of Angelo Prado He reports as follows. * Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS responses to recover data from the response body. * While the CRIME attack is currently believed to be mitigated by disabling TLS/SSL/level compression, compressed HTTP responses represent a significant unmitigated vector which is currently exploitable. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size. * This relies on the attacker being able to observe the size of the cipher text received by the browser while triggering a number of strategically crafted requests to a target site. To recover a particular secret in an HTTPS response body, the attacker guesses character by character, sending a pair of requests for each guess. The correct guess will result in a smaller HTTPS response. For each guess the attacker coerces the victim's browser to issue two requests. The first request includes a payload of the form: "target_secret_name=++" ...while the second request includes a payload of the form: "target_secret_name=++". * If the size of the first response is smaller than the second response, this indicates that the guess has a good chance of being correct. This method of sending two similar requests and comparing them is due to Duong and Rizzo. If multiple candidates are found, the following is a useful recovery mechanism: move forward in parallel with both candidates until it becomes clear which guess is correct. * With a token of length 32 and a character space of size 16 (e.g. hex), the attacker needs an average of approximately 1,000 request if no recovery mechanisms are needed. In practice, we have been able to recover CSRF tokens with fewer than 4,000 requests. A browser like Google Chrome or Internet Explorer is able to issue this number of requests in under 30 seconds, including callbacks to the attacker command & control center. [In order to conduct the attack, the following conditions must be true]: * 1. HTTPS-enabled endpoint (ideally with stream ciphers like RC4, although the attack can be made to work with adaptive padding for block ciphers). * 2. The attacker must be able to measure the size of HTTPS responses. * 3. Use of HTTP-level compression (e.g. gzip). * 4. A request parameter that is reflected in the response body. * 5. A static secret in the body (e.g. CSRF token, sessionId, VIEWSTATE, PII, etc.) that can be bootstrapped (either first/last two characters are predictable and/or the secret is padded with something like KnownSecretVariableName="". * 6. An otherwise static or relatively static response. Dynamic pages do not defeat the attack, but make it much more expensive.Encrypted by a remote third party HTTPS From the response, the key used to authenticate the website CSRF Information such as tokens (secret) May get you. TLS protocol is prone to an information-disclosure vulnerability. A man-in-the-middle attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol, which communicates via Hypertext Transfer Protocol (HTTP) on a computer network, and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. There is an information disclosure vulnerability in the HTTPS protocol, which stems from the fact that the program does not confuse the length of the encrypted data when encrypting the compressed data. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly cause a Denial of Service condition via a crafted packet.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "9.4.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "9.4.8"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "9.4.8"
},
{
"model": "arx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "5.0.0"
},
{
"model": "big-ip protocol security module",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip protocol security module",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.1.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip protocol security module",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "arx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "6.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "arx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "5.3.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "9.6.1"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip protocol security module",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "9.4.8"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "firepass",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "6.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "9.4.8"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "9.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip protocol security module",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "9.4.5"
},
{
"model": "firepass",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "6.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip protocol security module",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "9.2.2"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "9.2.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "10.0.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "firepass",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "7.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "arx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "6.4.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.2"
},
{
"model": "big-ip wan optimization manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "tls",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "1.2"
}
],
"sources": [
{
"db": "BID",
"id": "62618"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"db": "NVD",
"id": "CVE-2013-3587"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.4.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.3.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3587"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Neal Harris and Yoel Gluck,Angelo Prado",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
],
"trust": 0.6
},
"cve": "CVE-2013-3587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "HIGH",
"enviromentalScore": 3.2,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 4.9,
"id": "CVE-2013-3587",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "LOW",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-003658",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63589",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-3587",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3587",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3587",
"trust": 0.8,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2013-003658",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-595",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63589",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-3587",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#987798"
},
{
"db": "VULHUB",
"id": "VHN-63589"
},
{
"db": "VULMON",
"id": "CVE-2013-3587"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929. Compressed HTTPS By observing the length of the response, the attacker HTTPS From stream ciphertext, website authentication key, etc. (secret) Is possible to guess. Salesforce.com of Angelo Prado He reports as follows. * Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS responses to recover data from the response body. * While the CRIME attack is currently believed to be mitigated by disabling TLS/SSL/level compression, compressed HTTP responses represent a significant unmitigated vector which is currently exploitable. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size. * This relies on the attacker being able to observe the size of the cipher text received by the browser while triggering a number of strategically crafted requests to a target site. To recover a particular secret in an HTTPS response body, the attacker guesses character by character, sending a pair of requests for each guess. The correct guess will result in a smaller HTTPS response. For each guess the attacker coerces the victim\u0027s browser to issue two requests. The first request includes a payload of the form: \"target_secret_name=\u003calready known part of secret\u003e+\u003cguess\u003e+\u003cpadding\u003e\" ...while the second request includes a payload of the form: \"target_secret_name=\u003calready known part of secret\u003e+\u003cpadding\u003e+\u003cguess\u003e\". * If the size of the first response is smaller than the second response, this indicates that the guess has a good chance of being correct. This method of sending two similar requests and comparing them is due to Duong and Rizzo. If multiple candidates are found, the following is a useful recovery mechanism: move forward in parallel with both candidates until it becomes clear which guess is correct. * With a token of length 32 and a character space of size 16 (e.g. hex), the attacker needs an average of approximately 1,000 request if no recovery mechanisms are needed. In practice, we have been able to recover CSRF tokens with fewer than 4,000 requests. A browser like Google Chrome or Internet Explorer is able to issue this number of requests in under 30 seconds, including callbacks to the attacker command \u0026 control center. [In order to conduct the attack, the following conditions must be true]: * 1. HTTPS-enabled endpoint (ideally with stream ciphers like RC4, although the attack can be made to work with adaptive padding for block ciphers). * 2. The attacker must be able to measure the size of HTTPS responses. * 3. Use of HTTP-level compression (e.g. gzip). * 4. A request parameter that is reflected in the response body. * 5. A static secret in the body (e.g. CSRF token, sessionId, VIEWSTATE, PII, etc.) that can be bootstrapped (either first/last two characters are predictable and/or the secret is padded with something like KnownSecretVariableName=\"\". * 6. An otherwise static or relatively static response. Dynamic pages do not defeat the attack, but make it much more expensive.Encrypted by a remote third party HTTPS From the response, the key used to authenticate the website CSRF Information such as tokens (secret) May get you. TLS protocol is prone to an information-disclosure vulnerability. \nA man-in-the-middle attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol, which communicates via Hypertext Transfer Protocol (HTTP) on a computer network, and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. There is an information disclosure vulnerability in the HTTPS protocol, which stems from the fact that the program does not confuse the length of the encrypted data when encrypting the compressed data. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly cause a Denial of Service condition\nvia a crafted packet. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"db": "CERT/CC",
"id": "VU#987798"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"db": "BID",
"id": "62618"
},
{
"db": "VULHUB",
"id": "VHN-63589"
},
{
"db": "VULMON",
"id": "CVE-2013-3587"
},
{
"db": "PACKETSTORM",
"id": "137518"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3587",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#987798",
"trust": 3.6
},
{
"db": "HACKERONE",
"id": "254895",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU94916481",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-595",
"trust": 0.7
},
{
"db": "BID",
"id": "62618",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-63589",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-3587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#987798"
},
{
"db": "VULHUB",
"id": "VHN-63589"
},
{
"db": "VULMON",
"id": "CVE-2013-3587"
},
{
"db": "BID",
"id": "62618"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
]
},
"id": "VAR-202002-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63589"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:21:29.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "docker-breach",
"trust": 0.1,
"url": "https://github.com/jselvi/docker-breach "
},
{
"title": "bash_1",
"trust": 0.1,
"url": "https://github.com/anber137/bash_1 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-3587"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63589"
},
{
"db": "NVD",
"id": "CVE-2013-3587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"trust": 2.5,
"url": "http://breachattack.com/"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"trust": 1.9,
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"trust": 1.7,
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"trust": 1.7,
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"trust": 1.7,
"url": "http://www.iacr.org/cryptodb/archive/2002/fse/3091/3091.pdf"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/254895"
},
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k14634"
},
{
"trust": 1.7,
"url": "https://www.blackhat.com/us-13/briefings.html#prado"
},
{
"trust": 1.7,
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.8,
"url": "http://breachattack.com/resources/breach%20-%20ssl,%20gone%20in%2030%20seconds.pdf "
},
{
"trust": 0.8,
"url": "http://breachattack.com/resources/breach%20-%20bh%202013%20-%20presentation.pdf "
},
{
"trust": 0.8,
"url": "http://www.iacr.org/cryptodb/archive/2002/fse/3091/3091.pdf "
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94916481/index.html"
},
{
"trust": 0.8,
"url": "http://breachattack.com/resources/breach%20-%20ssl,%20gone%20in%2030%20seconds.pdf"
},
{
"trust": 0.6,
"url": "http-compression-safe#20407"
},
{
"trust": 0.6,
"url": "http://security.stackexchange.com/questions/20406/is-"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3cdev."
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3587"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/rfc/rfc5246.txt"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#987798"
},
{
"db": "VULHUB",
"id": "VHN-63589"
},
{
"db": "BID",
"id": "62618"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#987798"
},
{
"db": "VULHUB",
"id": "VHN-63589"
},
{
"db": "VULMON",
"id": "CVE-2013-3587"
},
{
"db": "BID",
"id": "62618"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#987798"
},
{
"date": "2020-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-63589"
},
{
"date": "2020-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3587"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "62618"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2020-02-21T18:15:11.427000",
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"date": "2013-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-08T00:00:00",
"db": "CERT/CC",
"id": "VU#987798"
},
{
"date": "2020-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-63589"
},
{
"date": "2022-01-01T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3587"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "62618"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003658"
},
{
"date": "2023-11-07T02:15:59.040000",
"db": "NVD",
"id": "CVE-2013-3587"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BREACH vulnerability in compressed HTTPS",
"sources": [
{
"db": "CERT/CC",
"id": "VU#987798"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-595"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…