Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-46234 (GCVE-0-2023-46234)
Vulnerability from cvelistv5 – Published: 2023-10-26 14:31 – Updated: 2025-02-13 17:14
VLAI?
EPSS
Summary
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
Severity ?
6.5 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| browserify | browserify-sign |
Affected:
>= 2.6.0, <= 4.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"name": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "browserify-sign",
"vendor": "browserify",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c= 4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T02:06:00.712Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"name": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
}
],
"source": {
"advisory": "GHSA-x9w5-v3q2-3rhw",
"discovery": "UNKNOWN"
},
"title": "browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46234",
"datePublished": "2023-10-26T14:31:35.895Z",
"dateReserved": "2023-10-19T20:34:00.946Z",
"dateUpdated": "2025-02-13T17:14:23.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:browserify:browserify-sign:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"4.2.2\", \"matchCriteriaId\": \"DE51BF6D-53CC-41A1-9530-BD9B1DCFBE6D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\\n\"}, {\"lang\": \"es\", \"value\": \"browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\\u00fablica criptogr\\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\\u00f3n de l\\u00edmite superior en la funci\\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \\u00e9xito mediante cualquier clave p\\u00fablica, lo que lleva a un ataque de falsificaci\\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\\u00f3n DSA de las firmas ingresadas por los usuarios se ver\\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\\u00f3 en la versi\\u00f3n 4.2.2.\"}]",
"id": "CVE-2023-46234",
"lastModified": "2024-11-21T08:28:08.000",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-26T15:15:09.087",
"references": "[{\"url\": \"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5539\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-347\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-46234\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-26T15:15:09.087\",\"lastModified\":\"2025-04-10T20:47:25.493\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\"},{\"lang\":\"es\",\"value\":\"browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\u00fablica criptogr\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\u00f3n de l\u00edmite superior en la funci\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \u00e9xito mediante cualquier clave p\u00fablica, lo que lleva a un ataque de falsificaci\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\u00f3n DSA de las firmas ingresadas por los usuarios se ver\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.2.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:browserify:browserify-sign:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.2.2\",\"matchCriteriaId\":\"DE51BF6D-53CC-41A1-9530-BD9B1DCFBE6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5539\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2025:14663-1
Vulnerability from csaf_opensuse - Published: 2025-01-17 00:00 - Updated: 2025-01-17 00:00Summary
velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media
Notes
Title of the patch
velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media
Description of the patch
These are all security issues fixed in the velociraptor-0.7.0.4.git142.862ef23-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14663
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git142.862ef23-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14663",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14663-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14663-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14663-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1732 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45133 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45683 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46234 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21538 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23331 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24786 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31207 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-37298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-37298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42459 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42460 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42461 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45296 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45811 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-48949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-48949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-51744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-51744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-55565 page",
"url": "https://www.suse.com/security/cve/CVE-2024-55565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
}
],
"title": "velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-17T00:00:00Z",
"generator": {
"date": "2025-01-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14663-1",
"initial_release_date": "2025-01-17T00:00:00Z",
"revision_history": [
{
"date": "2025-01-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1732"
}
],
"notes": [
{
"category": "general",
"text": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1732",
"url": "https://www.suse.com/security/cve/CVE-2023-1732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-1732"
},
{
"cve": "CVE-2023-44270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44270"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44270",
"url": "https://www.suse.com/security/cve/CVE-2023-44270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-44270"
},
{
"cve": "CVE-2023-45133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"notes": [
{
"category": "general",
"text": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45133",
"url": "https://www.suse.com/security/cve/CVE-2023-45133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-45133"
},
{
"cve": "CVE-2023-45683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45683"
}
],
"notes": [
{
"category": "general",
"text": "github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim\u0027s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45683",
"url": "https://www.suse.com/security/cve/CVE-2023-45683"
},
{
"category": "external",
"summary": "SUSE Bug 1216308 for CVE-2023-45683",
"url": "https://bugzilla.suse.com/1216308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-45683"
},
{
"cve": "CVE-2023-46234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46234"
}
],
"notes": [
{
"category": "general",
"text": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46234",
"url": "https://www.suse.com/security/cve/CVE-2023-46234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2024-21538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21538"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21538",
"url": "https://www.suse.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "SUSE Bug 1233843 for CVE-2024-21538",
"url": "https://bugzilla.suse.com/1233843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-21538"
},
{
"cve": "CVE-2024-23331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23331"
}
],
"notes": [
{
"category": "general",
"text": "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn\u0027t discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23331",
"url": "https://www.suse.com/security/cve/CVE-2024-23331"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-23331"
},
{
"cve": "CVE-2024-24786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24786"
}
],
"notes": [
{
"category": "general",
"text": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24786",
"url": "https://www.suse.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "SUSE Bug 1226136 for CVE-2024-24786",
"url": "https://bugzilla.suse.com/1226136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-31207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31207"
}
],
"notes": [
{
"category": "general",
"text": "Vite (French word for \"quick\", pronounced /vit/, like \"veet\") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31207",
"url": "https://www.suse.com/security/cve/CVE-2024-31207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-31207"
},
{
"cve": "CVE-2024-37298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-37298"
}
],
"notes": [
{
"category": "general",
"text": "gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-37298",
"url": "https://www.suse.com/security/cve/CVE-2024-37298"
},
{
"category": "external",
"summary": "SUSE Bug 1227309 for CVE-2024-37298",
"url": "https://bugzilla.suse.com/1227309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-37298"
},
{
"cve": "CVE-2024-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4067"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4067",
"url": "https://www.suse.com/security/cve/CVE-2024-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1224255 for CVE-2024-4067",
"url": "https://bugzilla.suse.com/1224255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4067"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-42459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42459"
}
],
"notes": [
{
"category": "general",
"text": "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42459",
"url": "https://www.suse.com/security/cve/CVE-2024-42459"
},
{
"category": "external",
"summary": "SUSE Bug 1232538 for CVE-2024-42459",
"url": "https://bugzilla.suse.com/1232538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-42459"
},
{
"cve": "CVE-2024-42460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42460"
}
],
"notes": [
{
"category": "general",
"text": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42460",
"url": "https://www.suse.com/security/cve/CVE-2024-42460"
},
{
"category": "external",
"summary": "SUSE Bug 1232538 for CVE-2024-42460",
"url": "https://bugzilla.suse.com/1232538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-42460"
},
{
"cve": "CVE-2024-42461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42461"
}
],
"notes": [
{
"category": "general",
"text": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42461",
"url": "https://www.suse.com/security/cve/CVE-2024-42461"
},
{
"category": "external",
"summary": "SUSE Bug 1232538 for CVE-2024-42461",
"url": "https://bugzilla.suse.com/1232538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-42461"
},
{
"cve": "CVE-2024-45296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45296"
}
],
"notes": [
{
"category": "general",
"text": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45296",
"url": "https://www.suse.com/security/cve/CVE-2024-45296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2024-45811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45811"
}
],
"notes": [
{
"category": "general",
"text": "Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45811",
"url": "https://www.suse.com/security/cve/CVE-2024-45811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45811"
},
{
"cve": "CVE-2024-45812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45812"
}
],
"notes": [
{
"category": "general",
"text": "Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser\u0027s named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45812",
"url": "https://www.suse.com/security/cve/CVE-2024-45812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45812"
},
{
"cve": "CVE-2024-47068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47068"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47068",
"url": "https://www.suse.com/security/cve/CVE-2024-47068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47068"
},
{
"cve": "CVE-2024-47875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47875"
}
],
"notes": [
{
"category": "general",
"text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47875",
"url": "https://www.suse.com/security/cve/CVE-2024-47875"
},
{
"category": "external",
"summary": "SUSE Bug 1231571 for CVE-2024-47875",
"url": "https://bugzilla.suse.com/1231571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-48948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48948"
}
],
"notes": [
{
"category": "general",
"text": "The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve\u0027s base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48948",
"url": "https://www.suse.com/security/cve/CVE-2024-48948"
},
{
"category": "external",
"summary": "SUSE Bug 1231681 for CVE-2024-48948",
"url": "https://bugzilla.suse.com/1231681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-48948"
},
{
"cve": "CVE-2024-48949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-48949"
}
],
"notes": [
{
"category": "general",
"text": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-48949",
"url": "https://www.suse.com/security/cve/CVE-2024-48949"
},
{
"category": "external",
"summary": "SUSE Bug 1231557 for CVE-2024-48949",
"url": "https://bugzilla.suse.com/1231557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-48949"
},
{
"cve": "CVE-2024-51744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-51744"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-51744",
"url": "https://www.suse.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "SUSE Bug 1232936 for CVE-2024-51744",
"url": "https://bugzilla.suse.com/1232936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2024-51744"
},
{
"cve": "CVE-2024-55565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-55565"
}
],
"notes": [
{
"category": "general",
"text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-55565",
"url": "https://www.suse.com/security/cve/CVE-2024-55565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
}
]
}
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
| IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
| IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "QRadar WinCollect Agent",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2023-34053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34053"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
},
{
"name": "CVE-2023-47158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
},
{
"name": "CVE-2022-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23529"
},
{
"name": "CVE-2023-34054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34054"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4586"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-37276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2023-45193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45193"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2023-47145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47145"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22190"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2022-48337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48337"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2020-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29510"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34062"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-27859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-36665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36665"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-47152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117872"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118351"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117821"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117883"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117884"
}
]
}
CERTFR-2024-AVI-1006
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Core Data Center versions 9.12.x antérieures à 9.12.15 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.17.x antérieures à 5.17.4 | ||
| Atlassian | Jira | Jira Core Server versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions 8.5.x antérieures à 8.5.17 LTS | ||
| Atlassian | Jira | Jira Core Server versions 9.4.x antérieures à 9.4.28 LTS | ||
| Atlassian | Jira | Jira Core Server versions 9.17.x antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Service Management Server versions 5.17.x antérieures à 5.17.4 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.x antérieures à 8.9.8 | ||
| Atlassian | Jira | Jira Core Data Center versions 9.17.x antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Core Server versions 9.12.x antérieures à 9.12.15 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions 8.x antérieures à 8.9.8 | ||
| Atlassian | Jira | Jira Service Management Server versions 5.12.x antérieures à 5.12.15 LTS | ||
| Atlassian | Jira | Jira Core Data Center versions 9.4.x antérieures à 9.4.28 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 5.4.x antérieures à 5.4.28 LTS | ||
| Atlassian | Jira | Jira Core Data Center versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.5.x antérieures à 8.5.17 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.1.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.12.x antérieures à 5.12.15 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 7.19.x antérieures à 7.19.29 LTS | ||
| Atlassian | Confluence | Confluence Server versions 7.19.x antérieures à 7.19.29 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.4.x antérieures à 5.4.28 LTS |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Core Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 8.9.8",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.x ant\u00e9rieures \u00e0 8.9.8",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98022",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98022"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98299",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98299"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98481",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98481"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98442",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98442"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15626",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15626"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15689",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15689"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98484",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98484"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78199",
"url": "https://jira.atlassian.com/browse/JRASERVER-78199"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98231",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98231"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98021",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98021"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2025-AVI-0214
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.4.1 pour Intel | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.5.0 pour Power | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03 | ||
| IBM | Sterling | Sterling B2B Integrator versions antérieures à 6.1.2.7 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-45638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-32762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
},
{
"name": "CVE-2022-48565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-32763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2025-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2022-48566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2024-45643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
},
{
"name": "CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2022-4742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
"url": "https://www.ibm.com/support/pages/node/7185937"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
"url": "https://www.ibm.com/support/pages/node/7185675"
},
{
"published_at": "2025-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
"url": "https://www.ibm.com/support/pages/node/7185257"
},
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
"url": "https://www.ibm.com/support/pages/node/7185938"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
"url": "https://www.ibm.com/support/pages/node/7185353"
}
]
}
CERTFR-2024-AVI-0419
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions antérieures à 4.1.16 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.6 avec le correctif de sécurité PH61189 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.16",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 avec le correctif de s\u00e9curit\u00e9 PH61189",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-31582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25613"
},
{
"name": "CVE-2023-41419",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41419"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2018-11770",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11770"
},
{
"name": "CVE-2018-11804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11804"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2018-17190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17190"
},
{
"name": "CVE-2023-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26145"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150929 du 10 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150929"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152257 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152260 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152260"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152258 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150844 du 10 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150844"
}
]
}
CERTFR-2024-AVI-0419
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions antérieures à 4.1.16 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.6 avec le correctif de sécurité PH61189 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.16",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 avec le correctif de s\u00e9curit\u00e9 PH61189",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-31582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25613"
},
{
"name": "CVE-2023-41419",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41419"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2018-11770",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11770"
},
{
"name": "CVE-2018-11804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11804"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2018-17190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17190"
},
{
"name": "CVE-2023-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26145"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150929 du 10 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150929"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152257 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152260 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152260"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152258 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150844 du 10 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150844"
}
]
}
CERTFR-2024-AVI-0180
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.2 | ||
| IBM | WebSphere | Websphere Liberty versions antérieures à 23.0.0.12 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cloud Pak | Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3 | ||
| IBM | N/A | Cognos Command Center versions antérieures à 10.2.5 IF1 | ||
| IBM | Cognos Transformer | Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2023-50324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-32344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
},
{
"name": "CVE-2023-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-28167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2010-2084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-34357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2023-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112541"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7124466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112504"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125461"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7123154"
}
]
}
CERTFR-2025-AVI-0214
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.4.1 pour Intel | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.5.0 pour Power | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03 | ||
| IBM | Sterling | Sterling B2B Integrator versions antérieures à 6.1.2.7 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-45638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-32762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
},
{
"name": "CVE-2022-48565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-32763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2025-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2022-48566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2024-45643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
},
{
"name": "CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2022-4742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
"url": "https://www.ibm.com/support/pages/node/7185937"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
"url": "https://www.ibm.com/support/pages/node/7185675"
},
{
"published_at": "2025-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
"url": "https://www.ibm.com/support/pages/node/7185257"
},
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
"url": "https://www.ibm.com/support/pages/node/7185938"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
"url": "https://www.ibm.com/support/pages/node/7185353"
}
]
}
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
| IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
| IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "QRadar WinCollect Agent",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2023-34053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34053"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
},
{
"name": "CVE-2023-47158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
},
{
"name": "CVE-2022-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23529"
},
{
"name": "CVE-2023-34054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34054"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4586"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-37276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2023-45193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45193"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2023-47145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47145"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22190"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2022-48337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48337"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2020-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29510"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34062"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-27859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-36665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36665"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-47152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117872"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118351"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117821"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117883"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117884"
}
]
}
CERTFR-2024-AVI-0180
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.2 | ||
| IBM | WebSphere | Websphere Liberty versions antérieures à 23.0.0.12 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH | ||
| IBM | Cloud Pak | Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3 | ||
| IBM | N/A | Cognos Command Center versions antérieures à 10.2.5 IF1 | ||
| IBM | Cognos Transformer | Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2023-50324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2020-28458",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2021-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2023-32344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
},
{
"name": "CVE-2023-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-28167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2010-2084",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-34357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2023-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112541"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7124466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7112504"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7125461"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7123154"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
CERTFR-2024-AVI-1006
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Core Data Center versions 9.12.x antérieures à 9.12.15 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.17.x antérieures à 5.17.4 | ||
| Atlassian | Jira | Jira Core Server versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions 8.5.x antérieures à 8.5.17 LTS | ||
| Atlassian | Jira | Jira Core Server versions 9.4.x antérieures à 9.4.28 LTS | ||
| Atlassian | Jira | Jira Core Server versions 9.17.x antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Service Management Server versions 5.17.x antérieures à 5.17.4 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.x antérieures à 8.9.8 | ||
| Atlassian | Jira | Jira Core Data Center versions 9.17.x antérieures à 9.17.4 | ||
| Atlassian | Jira | Jira Core Server versions 9.12.x antérieures à 9.12.15 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions 8.x antérieures à 8.9.8 | ||
| Atlassian | Jira | Jira Service Management Server versions 5.12.x antérieures à 5.12.15 LTS | ||
| Atlassian | Jira | Jira Core Data Center versions 9.4.x antérieures à 9.4.28 LTS | ||
| Atlassian | Jira | Jira Service Management Server versions 5.4.x antérieures à 5.4.28 LTS | ||
| Atlassian | Jira | Jira Core Data Center versions 10.1.x antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Data Center versions 8.5.x antérieures à 8.5.17 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.1.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.12.x antérieures à 5.12.15 LTS | ||
| Atlassian | Confluence | Confluence Data Center versions 7.19.x antérieures à 7.19.29 LTS | ||
| Atlassian | Confluence | Confluence Server versions 7.19.x antérieures à 7.19.29 LTS | ||
| Atlassian | Jira | Jira Service Management Data Center versions 5.4.x antérieures à 5.4.28 LTS |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Core Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.17.x ant\u00e9rieures \u00e0 5.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.x ant\u00e9rieures \u00e0 8.9.8",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 8.x ant\u00e9rieures \u00e0 8.9.8",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Core Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 8.5.x ant\u00e9rieures \u00e0 8.5.17 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.12.x ant\u00e9rieures \u00e0 5.12.15 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 7.19.x ant\u00e9rieures \u00e0 7.19.29 LTS",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 5.4.x ant\u00e9rieures \u00e0 5.4.28 LTS",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98022",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98022"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98299",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98299"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98481",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98481"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98442",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98442"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15626",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15626"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-15689",
"url": "https://jira.atlassian.com/browse/JSDSERVER-15689"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98484",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98484"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JRASERVER-78199",
"url": "https://jira.atlassian.com/browse/JRASERVER-78199"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98231",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98231"
},
{
"published_at": "2024-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-98021",
"url": "https://jira.atlassian.com/browse/CONFSERVER-98021"
}
]
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
NCSC-2024-0466
Vulnerability from csaf_ncscnl - Published: 2024-12-06 13:05 - Updated: 2024-12-06 13:05Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.
Voor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.
Oplossingen
Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE-23
Relative Path Traversal
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html"
}
],
"title": "Kwetsbaarheden verholpen in Atlassian producten",
"tracking": {
"current_release_date": "2024-12-06T13:05:55.904619Z",
"id": "NCSC-2024-0466",
"initial_release_date": "2024-12-06T13:05:55.904619Z",
"revision_history": [
{
"date": "2024-12-06T13:05:55.904619Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "atlassian_bamboo__10.0.0",
"product": {
"name": "atlassian_bamboo__10.0.0",
"product_id": "CSAFPID-1645374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.2.17",
"product": {
"name": "atlassian_bamboo__9.2.17",
"product_id": "CSAFPID-1621163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.6.4",
"product": {
"name": "atlassian_bamboo__9.6.4",
"product_id": "CSAFPID-1645371",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.19.9",
"product": {
"name": "atlassian_bitbucket__8.19.9",
"product_id": "CSAFPID-1645370",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.9.19",
"product": {
"name": "atlassian_bitbucket__8.9.19",
"product_id": "CSAFPID-1645373",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__9.0.0",
"product": {
"name": "atlassian_bitbucket__9.0.0",
"product_id": "CSAFPID-1645372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26",
"product": {
"name": "atlassian_confluence__7.19.26",
"product_id": "CSAFPID-1621160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26__lts_",
"product": {
"name": "atlassian_confluence__7.19.26__lts_",
"product_id": "CSAFPID-1621135",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.12",
"product": {
"name": "atlassian_confluence__8.5.12",
"product_id": "CSAFPID-1645510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.14__lts_",
"product": {
"name": "atlassian_confluence__8.5.14__lts_",
"product_id": "CSAFPID-1621133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.9.4",
"product": {
"name": "atlassian_confluence__8.9.4",
"product_id": "CSAFPID-1645509",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__9.0.1",
"product": {
"name": "atlassian_confluence__9.0.1",
"product_id": "CSAFPID-1621161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence_data_center__9.0.1",
"product": {
"name": "atlassian_confluence_data_center__9.0.1",
"product_id": "CSAFPID-1621140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.12.12__lts_",
"product": {
"name": "atlassian_jira_software__9.12.12__lts_",
"product_id": "CSAFPID-1621142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.4.25__lts_",
"product": {
"name": "atlassian_jira_software__9.4.25__lts_",
"product_id": "CSAFPID-1621143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_data_center__9.17.1",
"product": {
"name": "atlassian_jira_software_data_center__9.17.1",
"product_id": "CSAFPID-1621141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product_id": "CSAFPID-1621138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product_id": "CSAFPID-1621139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product": {
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product_id": "CSAFPID-1621137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bamboo",
"product": {
"name": "bamboo",
"product_id": "CSAFPID-716889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bitbucket",
"product": {
"name": "bitbucket",
"product_id": "CSAFPID-1725084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "confluence",
"product": {
"name": "confluence",
"product_id": "CSAFPID-551338",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "jira_software",
"product": {
"name": "jira_software",
"product_id": "CSAFPID-1725085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1724900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_mac",
"product": {
"name": "sourcetree_for_mac",
"product_id": "CSAFPID-1724286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_windows",
"product": {
"name": "sourcetree_for_windows",
"product_id": "CSAFPID-1724287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-38900",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-4068",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"notes": [
{
"category": "other",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4068",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-21697",
"product_status": {
"known_affected": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21697",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
}
],
"title": "CVE-2024-21697"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30172",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-38816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38816",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45801",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1725085"
]
}
],
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-47561"
}
]
}
WID-SEC-W-2024-3508
Vulnerability from csaf_certbund - Published: 2024-11-19 23:00 - Updated: 2024-11-19 23:00Summary
Atlassian Confluence: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Confluence ist eine kommerzielle Wiki-Software.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen preiszugeben und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Confluence ist eine kommerzielle Wiki-Software.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Informationen preiszugeben und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3508 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3508.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3508 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3508"
},
{
"category": "external",
"summary": "Atlassian November 2024 Security Bulletin vom 2024-11-19",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html"
}
],
"source_lang": "en-US",
"title": "Atlassian Confluence: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-19T23:00:00.000+00:00",
"generator": {
"date": "2024-11-20T10:42:48.003+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3508",
"initial_release_date": "2024-11-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.1.1",
"product": {
"name": "Atlassian Confluence \u003c9.1.1",
"product_id": "T039313"
}
},
{
"category": "product_version",
"name": "9.1.1",
"product": {
"name": "Atlassian Confluence 9.1.1",
"product_id": "T039313-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.9.8",
"product": {
"name": "Atlassian Confluence \u003c8.9.8",
"product_id": "T039314"
}
},
{
"category": "product_version",
"name": "8.9.8",
"product": {
"name": "Atlassian Confluence 8.9.8",
"product_id": "T039314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.9.8"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c8.5.17",
"product": {
"name": "Atlassian Confluence LTS \u003c8.5.17",
"product_id": "T039315"
}
},
{
"category": "product_version",
"name": "LTS 8.5.17",
"product": {
"name": "Atlassian Confluence LTS 8.5.17",
"product_id": "T039315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:lts__8.5.17"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c7.19.29",
"product": {
"name": "Atlassian Confluence LTS \u003c7.19.29",
"product_id": "T039316"
}
},
{
"category": "product_version",
"name": "LTS 7.19.29",
"product": {
"name": "Atlassian Confluence LTS 7.19.29",
"product_id": "T039316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:lts__7.19.29"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-38900",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Confluence. Diese Fehler betreffen mehrere Komponenten, darunter com.nimbusds, org.bouncycastle und tomcat-coyote. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2023-52428",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Confluence. Diese Fehler betreffen mehrere Komponenten, darunter com.nimbusds, org.bouncycastle und tomcat-coyote. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Confluence. Diese Fehler betreffen mehrere Komponenten, darunter com.nimbusds, org.bouncycastle und tomcat-coyote. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-30172",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Confluence. Diese Fehler betreffen mehrere Komponenten, darunter com.nimbusds, org.bouncycastle und tomcat-coyote. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-4068",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Confluence. Diese Fehler betreffen mehrere Komponenten, darunter com.nimbusds, org.bouncycastle und tomcat-coyote. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2023-46234",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Atlassian Confluence. Dieser Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Handhabung der kryptographischen Signatur\u00fcberpr\u00fcfung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Authentifizierung und Sitzungsverwaltung zu umgehen."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2024-38816",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Atlassian Confluence. Dieser Fehler betrifft spring-webmvc aufgrund eines Path Traversal Problems bei der Verwendung bestimmter Konfigurationen (RouterFunctions mit FileSystemResource). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T039315",
"T039314",
"T039316",
"T039313"
]
},
"release_date": "2024-11-19T23:00:00.000+00:00",
"title": "CVE-2024-38816"
}
]
}
WID-SEC-W-2023-2782
Vulnerability from csaf_certbund - Published: 2023-10-30 23:00 - Updated: 2024-10-15 22:00Summary
Red Hat OpenShift distributed tracing: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift distributed tracing ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift distributed tracing ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2782 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2782.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2782 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2782"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5ECC250449 vom 2024-02-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-10-30",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6800-1 vom 2024-05-30",
"url": "https://ubuntu.com/security/notices/USN-6800-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-78DF19AAF3 vom 2024-10-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-78df19aaf3"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift distributed tracing: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-10-15T22:00:00.000+00:00",
"generator": {
"date": "2024-10-16T08:17:58.836+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-2782",
"initial_release_date": "2023-10-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-08T23:00:00.000+00:00",
"number": "2",
"summary": "Anpassung im Text"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cdistributed tracing 2.9.0",
"product": {
"name": "Red Hat OpenShift \u003cdistributed tracing 2.9.0",
"product_id": "T031021"
}
},
{
"category": "product_version",
"name": "distributed tracing 2.9.0",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.9.0",
"product_id": "T031021-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:distributed_tracing_2.9.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift distributed tracing. Dieser Fehler besteht im browserify-sign Knotenpaket aufgrund einer unsachgem\u00e4\u00dfen \u00dcberpr\u00fcfung der kryptografischen Signatur, die es erm\u00f6glicht, einen Signaturf\u00e4lschungsangriff auszuf\u00fchren, indem kryptografische Signaturen f\u00fcr DSA-Daten nicht korrekt \u00fcberpr\u00fcft werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und sich unbefugten Zugriff zu verschaffen."
}
],
"product_status": {
"known_affected": [
"T000126",
"T031021",
"74185"
]
},
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-46234"
}
]
}
FKIE_CVE-2023-46234
Vulnerability from fkie_nvd - Published: 2023-10-26 15:15 - Updated: 2025-04-10 20:47
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw | Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html | Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/ | Release Notes | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/ | Release Notes | |
| security-advisories@github.com | https://www.debian.org/security/2023/dsa-5539 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5539 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| browserify | browserify-sign | * | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:browserify:browserify-sign:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "DE51BF6D-53CC-41A1-9530-BD9B1DCFBE6D",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2."
},
{
"lang": "es",
"value": "browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\u00fablica criptogr\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\u00f3n de l\u00edmite superior en la funci\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \u00e9xito mediante cualquier clave p\u00fablica, lo que lleva a un ataque de falsificaci\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\u00f3n DSA de las firmas ingresadas por los usuarios se ver\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.2.2."
}
],
"id": "CVE-2023-46234",
"lastModified": "2025-04-10T20:47:25.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-26T15:15:09.087",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5539"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-46234
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-46234",
"id": "GSD-2023-46234"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-46234"
],
"details": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n",
"id": "GSD-2023-46234",
"modified": "2023-12-13T01:20:53.400557Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-46234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "browserify-sign",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 2.6.0, \u003c= 4.2.1"
}
]
}
}
]
},
"vendor_name": "browserify"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-347",
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"refsource": "MISC",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"name": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
"refsource": "MISC",
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"name": "https://www.debian.org/security/2023/dsa-5539",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
}
]
},
"source": {
"advisory": "GHSA-x9w5-v3q2-3rhw",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:browserify:browserify-sign:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "DE51BF6D-53CC-41A1-9530-BD9B1DCFBE6D",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n"
},
{
"lang": "es",
"value": "browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\u00fablica criptogr\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\u00f3n de l\u00edmite superior en la funci\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \u00e9xito mediante cualquier clave p\u00fablica, lo que lleva a un ataque de falsificaci\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\u00f3n DSA de las firmas ingresadas por los usuarios se ver\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.2.2."
}
],
"id": "CVE-2023-46234",
"lastModified": "2024-02-28T03:15:07.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2023-10-26T15:15:09.087",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5539"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
MSRC_CVE-2023-46234
Vulnerability from csaf_microsoft - Published: 2023-10-01 00:00 - Updated: 2023-10-31 00:00Summary
browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-46234.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack ",
"tracking": {
"current_release_date": "2023-10-31T00:00:00.000Z",
"generator": {
"date": "2025-10-20T00:44:26.400Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-46234",
"initial_release_date": "2023-10-01T00:00:00.000Z",
"revision_history": [
{
"date": "2023-10-31T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 reaper 3.1.1-9",
"product": {
"name": "\u003ccbl2 reaper 3.1.1-9",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 reaper 3.1.1-9",
"product": {
"name": "cbl2 reaper 3.1.1-9",
"product_id": "17334"
}
}
],
"category": "product_name",
"name": "reaper"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 reaper 3.1.1-9 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 reaper 3.1.1-9 as a component of CBL Mariner 2.0",
"product_id": "17334-17086"
},
"product_reference": "17334",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17334-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-46234.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-31T00:00:00.000Z",
"details": "3.1.1-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack "
}
]
}
GHSA-X9W5-V3Q2-3RHW
Vulnerability from github – Published: 2023-10-26 20:53 – Updated: 2025-02-13 19:19
VLAI?
Summary
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Details
Summary
An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
Details
In dsaVerify function, it checks whether the value of the signature is legal by calling function checkValue, namely, whether r and s are both in the interval [1, q - 1]. However, the second line of the checkValue function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q) can only be 0, 1 and -1, and it can never be greater than q.
In this way, although the values of s cannot be 0, an attacker can achieve the same effect as zero by setting its value to q, and then send (r, s) = (1, q) to pass the verification of any public key.
Impact
All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.
Fix PR:
Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: PR webarchive.zip
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.1"
},
"package": {
"ecosystem": "npm",
"name": "browserify-sign"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "4.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46234"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-26T20:53:21Z",
"nvd_published_at": "2023-10-26T15:15:09Z",
"severity": "HIGH"
},
"details": "### Summary\nAn upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.\n\n### Details\nIn `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. \n\nIn this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key.\n\n### Impact\nAll places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.\n\n\n### Fix PR:\nSince the temporary private fork was deleted, here\u0027s a webarchive of the PR discussion and diff pages: [PR webarchive.zip](https://github.com/browserify/browserify-sign/files/13172957/PR.webarchive.zip)",
"id": "GHSA-x9w5-v3q2-3rhw",
"modified": "2025-02-13T19:19:37Z",
"published": "2023-10-26T20:53:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"type": "WEB",
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"type": "PACKAGE",
"url": "https://github.com/browserify/browserify-sign"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5539"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack"
}
RHBA-2024:10184
Vulnerability from csaf_redhat - Published: 2024-11-21 22:06 - Updated: 2025-11-21 17:23Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.5 bugfix release
Notes
Topic
Red Hat Developer Hub 1.2.5 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,
customizable developer portal based on Backstage.io. RHDH is supported on
OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by
plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.2.5 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed,\ncustomizable developer portal based on Backstage.io. RHDH is supported on\nOpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by\nplugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2024:10184",
"url": "https://access.redhat.com/errata/RHBA-2024:10184"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.2",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.2"
},
{
"category": "external",
"summary": "RHIDP-4215",
"url": "https://issues.redhat.com/browse/RHIDP-4215"
},
{
"category": "external",
"summary": "RHIDP-4217",
"url": "https://issues.redhat.com/browse/RHIDP-4217"
},
{
"category": "external",
"summary": "RHIDP-4218",
"url": "https://issues.redhat.com/browse/RHIDP-4218"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_10184.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.5 bugfix release",
"tracking": {
"current_release_date": "2025-11-21T17:23:29+00:00",
"generator": {
"date": "2025-11-21T17:23:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHBA-2024:10184",
"initial_release_date": "2024-11-21T22:06:56+00:00",
"revision_history": [
{
"date": "2024-11-21T22:06:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-21T22:06:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:23:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.2 for RHEL 9",
"product": {
"name": "Red Hat Developer Hub 1.2 for RHEL 9",
"product_id": "9Base-RHDH-1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"product": {
"name": "rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"product_id": "rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1.2-154"
}
}
},
{
"category": "product_version",
"name": "rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"product": {
"name": "rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"product_id": "rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1.2-147"
}
}
},
{
"category": "product_version",
"name": "rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64",
"product": {
"name": "rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64",
"product_id": "rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1.2-148"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64 as a component of Red Hat Developer Hub 1.2 for RHEL 9",
"product_id": "9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64"
},
"product_reference": "rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"relates_to_product_reference": "9Base-RHDH-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64 as a component of Red Hat Developer Hub 1.2 for RHEL 9",
"product_id": "9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64"
},
"product_reference": "rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"relates_to_product_reference": "9Base-RHDH-1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64 as a component of Red Hat Developer Hub 1.2 for RHEL 9",
"product_id": "9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
},
"product_reference": "rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64",
"relates_to_product_reference": "9Base-RHDH-1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2023-10-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker could impact the integrity of a server when handling unknown input due to the lack of DSA verification, for example, pretending to be a legitimate user, gaining unauthorized access. Therefore, the impact for this vulnerability is important.\n\nRed Hat Fuse 7 uses browserify-sign as a transitive development dependency, hence the Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46234"
},
{
"category": "external",
"summary": "RHBZ#2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"category": "external",
"summary": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
}
],
"release_date": "2023-10-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-21T22:06:56+00:00",
"details": "For more information about Red Hat Developer Hub 1.2, see the link in the References section.",
"product_ids": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:10184"
},
{
"category": "workaround",
"details": "No current mitigation is yet available for this flaw.",
"product_ids": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-21T22:06:56+00:00",
"details": "For more information about Red Hat Developer Hub 1.2, see the link in the References section.",
"product_ids": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:10184"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.2:rhdh/rhdh-hub-rhel9@sha256:f767bbaa49d570a56a56bf0a645dcedd3ffa2708eba0ec15bfad7ff945bb32e0_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-operator-bundle@sha256:808b5e941f390c695cb713b86066ff833537ce7c3e387c2c260f0aecdeae30d6_amd64",
"9Base-RHDH-1.2:rhdh/rhdh-rhel9-operator@sha256:a311b97bd9d865a028653f9dd754b32aabe60ca128c5b97d899b6c81a24000e5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
}
]
}
RHSA-2023:6180
Vulnerability from csaf_redhat - Published: 2023-10-30 12:53 - Updated: 2025-11-21 18:48Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update
Notes
Topic
An update is now available for Red Hat Openshift distributed tracing 2.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Release of Red Hat OpenShift distributed tracing provides these changes:
Security Fix(es):
* browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack (CVE-2023-46234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Openshift distributed tracing 2.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack (CVE-2023-46234)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6180",
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6180.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update",
"tracking": {
"current_release_date": "2025-11-21T18:48:26+00:00",
"generator": {
"date": "2025-11-21T18:48:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:6180",
"initial_release_date": "2023-10-30T12:53:43+00:00",
"revision_history": [
{
"date": "2023-10-30T12:53:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-30T12:53:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:48:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.9",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product_id": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product_id": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product_id": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product_id": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product_id": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product_id": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product_id": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product_id": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product_id": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2023-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker could impact the integrity of a server when handling unknown input due to the lack of DSA verification, for example, pretending to be a legitimate user, gaining unauthorized access. Therefore, the impact for this vulnerability is important.\n\nRed Hat Fuse 7 uses browserify-sign as a transitive development dependency, hence the Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46234"
},
{
"category": "external",
"summary": "RHBZ#2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"category": "external",
"summary": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
}
],
"release_date": "2023-10-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T12:53:43+00:00",
"details": "To update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate RPMs being upgraded on your system.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "workaround",
"details": "No current mitigation is yet available for this flaw.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack"
}
]
}
RHSA-2023_6180
Vulnerability from csaf_redhat - Published: 2023-10-30 12:53 - Updated: 2024-12-10 16:36Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update
Notes
Topic
An update is now available for Red Hat Openshift distributed tracing 2.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Release of Red Hat OpenShift distributed tracing provides these changes:
Security Fix(es):
* browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack (CVE-2023-46234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Openshift distributed tracing 2.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack (CVE-2023-46234)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6180",
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6180.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update",
"tracking": {
"current_release_date": "2024-12-10T16:36:54+00:00",
"generator": {
"date": "2024-12-10T16:36:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6180",
"initial_release_date": "2023-10-30T12:53:43+00:00",
"revision_history": [
{
"date": "2023-10-30T12:53:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-30T12:53:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:36:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.9",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product_id": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product_id": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product_id": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product_id": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product_id": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product_id": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product_id": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product_id": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product_id": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2023-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker could impact the integrity of a server when handling unknown input due to the lack of DSA verification, for example, pretending to be a legitimate user, gaining unauthorized access. Therefore, the impact for this vulnerability is important.\n\nRed Hat Fuse 7 uses browserify-sign as a transitive development dependency, hence the Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46234"
},
{
"category": "external",
"summary": "RHBZ#2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"category": "external",
"summary": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
}
],
"release_date": "2023-10-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T12:53:43+00:00",
"details": "To update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate RPMs being upgraded on your system.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "workaround",
"details": "No current mitigation is yet available for this flaw.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…